Draytek Vigor2760, User Manual

Page 1: ......

Page 2: ...Vigor2760 Series User s Guide ii ...

Page 3: ...Vigor2760 Series User s Guide iii Vigor2760 Series VDSL2 Security Firewall User s Guide Version 1 6 Firmware Version V3 8 2 1 For future update please visit DrayTek web site Date January 11 2016 ...

Page 4: ...rvation of the environment Warranty We warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and upon proof of purchase should the product have indi...

Page 5: ...o guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and...

Page 6: ... not exceed five Le présent appareil est conforme aux CNR d Industrie Canada applicables aux appareils radio exempts de licence L exploitation est autorisée aux deux conditions suivantes 1 l appareil ne doit pas produire de brouillage et 2 l utilisateur de l appareil doit accepter tout brouillage radioélectrique subi même si le brouillage est susceptible d en compromettre le fonctionnement Le prés...

Page 7: ...Vigor2760 Series User s Guide vii More update please visit www draytek com ...

Page 8: ...ucing Dashboard 22 1 8 1 Virtual Panel 23 1 8 2 Name with a Link 23 1 8 3 Quick Access for Common Used Menu 24 1 8 4 GUI Map 25 1 8 5 Web Console 26 1 8 6 Config Backup 27 1 8 7 Logout 27 1 9 Online Status 28 1 9 1 Physical Connection 28 1 9 2 Virtual WAN 30 1 10 Saving Configuration 31 Quick Setup 33 2 1 Quick Start Wizard 33 2 1 1 For WAN1 ADSL VDSL2 35 2 1 2 For WAN2 Ethernet 41 2 1 3 For WAN3 ...

Page 9: ...ort Triggering 171 3 5 Firewall 174 3 5 1 Basics for Firewall 174 3 5 2 General Setup 176 3 5 3 Filter Setup 181 3 5 4 DoS Defense 189 3 6 Objects Settings 193 3 6 1 IP Object 193 3 6 2 IP Group 196 3 6 3 IPv6 Object 198 3 6 4 IPv6 Group 200 3 6 5 Service Type Object 201 3 6 6 Service Type Group 203 3 6 7 Keyword Object 205 3 6 8 Keyword Group 207 3 6 9 File Extension Object 208 3 6 10 SMS Mail Se...

Page 10: ...Management 287 3 11 Certificate Management 288 3 11 1 Local Certificate 288 3 11 2 Trusted CA Certificate 291 3 11 3 Certificate Backup 293 3 12 VoIP 294 3 12 1 General Setting 296 3 12 1 SIP Accounts 298 3 12 2 DialPlan 302 3 12 3 Phone Settings 311 3 12 4 Status 315 3 13 Wireless LAN 317 3 13 1 Basic Concepts 317 3 13 2 General Setup 319 3 13 3 Security 320 3 13 4 Access Control 323 3 13 5 WPS 3...

Page 11: ... 5 DHCP Table 383 3 17 6 NAT Sessions Table 384 3 17 7 Ping Diagnosis 385 3 17 8 Data Flow Monitor 386 3 17 9 Traffic Graph 388 3 17 10 Trace Route 389 3 17 11 Syslog Explorer 390 3 17 12 IPv6 TSPC Status 392 Tutorials and Applications 393 4 1 How to configure settings for IPv6 Service in Vigor2760 393 4 2 How can I get the files from USB storage device connecting to Vigor router 405 4 3 How to Bu...

Page 12: ...mmand adsl annex 457 Telnet Command adsl automode 457 Telnet Command adsl optn 457 Telnet Command adsl savecfg 458 Telnet Command adsl vendorid 458 Telnet Command adsl atm 458 Telnet Command adsl pvcbinding 459 Telnet Command adsl snr 460 Telnet Command vdsl status 460 Example Telnet Command vdsl idle 460 Telnet Command vdsl drivermode 461 Telnet Command vdsl reboot 461 Telnet Command vdsl annex 4...

Page 13: ...nternet 495 Telnet Command ip6 neigh 496 Telnet Command ip6 pneigh 497 Telnet Command ip6 route 497 Telnet Command ip6 ping 498 Telnet Command ip6 tracert 499 Telnet Command ip6 tspc 499 Telnet Command ip6 radvd 500 Telnet Command ip6 mngt 500 Telnet Command ip6 online 501 Telnet Command ip6 aiccu 502 Telnet Command ip6 ntp 503 Telnet Command ipf view 503 Telnet Command ipf set 504 Telnet Command ...

Page 14: ...elnet Command show dhcp 540 Telnet Command show dmz 541 Telnet Command show dns 541 Telnet Command show openport 542 Telnet Command show nat 542 Telnet Command show portmap 542 Telnet Command show pmtime 542 Telnet Command show session 543 Telnet Command show status 543 Telnet Command show adsl 543 Telnet Command show statistic 544 Telnet Command srv dhcp badip 544 Telnet Command srv dhcp public 5...

Page 15: ...ommand vigbrg on 573 Telnet Command vigbrg off 573 Telnet Command vigbrg status 573 Telnet Command vigbrg cfgip 574 Telnet Command vigbrg wan1on 574 Telnet Command vigbrg wan1off 574 Telnet Command vpn l2lset 574 Telnet Command vpn l2lDrop 575 Telnet Command vpn dinset 575 Telnet Command vpn subnet 576 Telnet Command vpn setup 577 Telnet Command vpn option 578 Telnet Command vpn mroute 582 Telnet ...

Page 16: ...onfig 595 Telnet Command wl set 597 Telnet Command wl act 598 Telnet Command wl iso_vpn 598 Telnet Command wl wmm 598 Telnet Command wl ht 600 Telnet Command wl restart 601 Telnet Command wl btnctl 601 Telnet Command wl efuse 601 Telnet Command wan vlan 602 Telnet Command wol 602 ...

Page 17: ...eneration Network you may recently hear the news about FTTx deployment in your local area or even have already subscribed the unbundling last mile service e g VDSL2 from local ITSP for FTTx As adopting FTTx the main question for end users is whether your legacy router could fully utilize its bandwidth or not DrayTek launches Vigor 2760 series High speed router perfectly complied with VDSL2 environ...

Page 18: ...ion PSK X 509 PPTP MPPE L2TP over IPsec Security Object based Firewall MAC Address Filter SPI Stateful Packet Inspection DoS DDoS Prevention IM P2P Applications Filter URL Content Filter Global View Web Content Filter Bind IP to MAC NAT Routing DMZ Host Port Forwarding Redirection Route Policy Static Route RIPv2 Network Feature Two subnets VLAN LAN Port Mirror Bandwidth Session Management QoS by I...

Page 19: ...fax Sending Receiving Supplemental Services Call Hold Retrieve Call Waiting CLIR Calling Line Identification Restriction Call Forwarding Always Busy and No Answer Call Barring Incoming Outgoing Hotline DND Do Not Disturb Call Transfer MWI Message Waiting Indicator RFC 3842 Firmware Updates Firmware updates for your product ensure that you have the latest set of features security updates and improv...

Page 20: ...t t Antenna n models CD RJ 45 Cable Ethernet Quick Start Guide The type of the power adapter depends on the country that the router will be installed The maximum power consumption is 17 23 Watt UK type Power Adapter EU type Power Adapter USA Taiwan type Power Adapter AU NZ type Power Adapter ...

Page 21: ... first 1 1 3 3 1 1 F Fo or r V Vi ig go or r2 27 76 60 0 LED Status Explanation Blinking The router is powered on and running normally ACT Off The router is powered off On The DSL port is connected Blinking Slowly The router is ready DSL Green Blinking Quickly The connection is training On Green The port is connected LAN1 2 3 4 Blinking Green The data is transmitting USB1 2 On A USB device is conn...

Page 22: ...s blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration VDSL ADSL Connector for accessing the Internet USB 1 2 Connector for USB storage device Pen Driver Mobile HD or printer or 3G backup LAN 1 4 Connectors for local network devices ...

Page 23: ...The data is transmitting via wireless connection Blinking Orange Blinks with one second cycle for two minutes The WPS function is active Wireless LAN On Off WPS Off The wireless access point is turned off On The DSL port is connected Blinking Slowly The router is ready DSL Green Blinking Quickly The router is trying to connect to Internet On The port is connected LAN1 2 3 4 Blinking Green The data...

Page 24: ... Then the router will restart with the factory default configuration WLAN ON OFF WPS WLAN WPS Press this button for 2 seconds to wait for client device making network connection through WPS When the LED lights up the WPS connection will be on WLAN ON OFF Press the button once to enable WLAN LED on or disable WLAN LED off wireless connection VDSL ADSL Connector for accessing the Internet USB 1 2 Co...

Page 25: ...e phone connected to this port is on hook Phone1 Phone2 Blinking A phone call comes On Green The wireless access point is ready Blinking Green The data is transmitting via wireless connection Blinking Orange Blinks with one second cycle for two minutes The WPS function is active Wireless LAN On Off WPS Off The wireless access point is turned off On The DSL port is connected Blinking Slowly The rou...

Page 26: ...iguration WLAN ON OFF WPS WLAN WPS Press this button for 2 seconds to wait for client device making network connection through WPS When the LED lights up the WPS connection will be on WLAN ON OFF Press the button once to enable WLAN LED on or disable WLAN LED off wireless connection VDSL ADSL Connector for accessing the Internet USB 1 2 Connector for USB storage device Pen Driver Mobile HD or prin...

Page 27: ...litter 2 Connect one port of 4 port switch to your computer with a RJ 45 cable This device allows you to connect 4 PCs directly 3 Connect Phone port to a conventional analog telephone for V model only 4 Connect detachable antennas to the router for Vigor2760 series for n model only 5 Connect one end of the power cord to the power port of this device Connect the other end to the wall outlet of elec...

Page 28: ...ter can print documents via the router The example provided here is made based on Windows 7 For installation on other Windows systems please visit www DrayTek com Before using it please follow the steps below to configure settings for connected computers or wireless clients 1 Connect the printer with the router through USB parallel port 2 Open All Programs Getting Started Devices and Printers ...

Page 29: ... 13 3 Click Add a printer 4 A dialog will appear Click Add a local printer and click Next 5 In this dialog choose Create a new port In the field of Type of port use the drop down list to select Standard TCP IP Port Then click Next ...

Page 30: ... User s Guide 14 6 In the following dialog type 192 168 1 1 router s LAN IP in the field of Hostname or IP Address and type 192 168 1 1 as the Port name Then click Next 7 Click Standard and choose Generic Network Card ...

Page 31: ... your system will ask you to choose right name of the printer that you installed onto the router Such step can make correct driver loaded onto your PC When you finish the selection click Next 9 Type a name for the chosen printer Click Next ...

Page 32: ...Vigor2760 Series User s Guide 16 10 Choose Do not share this printer and click Next 11 Then in the following dialog click Finish ...

Page 33: ...Guide 17 12 The new printer has been added and displayed under Printers and Faxes Click the new printer icon and click Printer server properties 13 Edit the property of the new printer you have added by clicking Configure Port ...

Page 34: ...ol type p1 number 1 as Queue Name Then click OK Next please refer to the red rectangle for choosing the correct protocol and LPR name The printer can be used for printing now Most of the printers with different manufacturers are compatible with vigor router ...

Page 35: ...er your printer is supported or not please visit www draytek com to find out the printer list Open Support FAQ Application Notes find out the link of USB Printer Server and click it Then click the What types of printers are compatible with Vigor router link Note 2 Vigor router supports printing request from computers via LAN ports but not WAN port ...

Page 36: ...he same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of the guide 2 Open a web browser on your PC and type http 192 168 1 1 The following window will be open to ask for username and password 3 Please type admin admin as the Username Password and click Login Notice If you fail to access to the web config...

Page 37: ...tem will logout after 5 minutes without any operation Change the setting for your necessity 1 1 7 7 C Ch ha an ng gi in ng g P Pa as ss sw wo or rd d Please change the password for the original security of the router 1 Open a web browser on your PC and type http 192 168 1 1 A pop up window will open to ask for username and password 2 Please type admin admin as Username Password for accessing into ...

Page 38: ...xt time use the new password to access the Web user interface for this router Note Even the password is changed the Username for logging onto the web user interface is still admin 1 1 8 8 I In nt tr ro od du uc ci in ng g D Da as sh hb bo oa ar rd d Dashboard shows the connection status including System Information IPv4 Internet Access IPv6 Internet Access Interface physical connection Security an...

Page 39: ...of the router displays the physical interface connection It will be refreshed every five seconds The LED lights or blinks according to the physical connection on the router For detailed information about the LED display refer to 1 2 LED Indicators and Connectors 1 1 8 8 2 2 N Na am me e w wi it th h a a L Li in nk k A name with a link e g Router Name Current Time WAN1 and etc below means you can c...

Page 40: ...splayed here Move your mouse cursor on any one of the links and click on it The corresponding setting page will be open immediately In addition quick access for VPN security settings such as Remote Dial in User and LAN to LAN are located on the bottom of this page Scroll down the page to find them and use them if required Note that there is a plus icon located on the left side of VPN LAN WLAN Clic...

Page 41: ...p All the functions the router supports are listed with table clearly in this page Users can click the function link to access into the setting page of the function for detailed configuration Click the icon on the top of the main screen to display all the functions ...

Page 42: ...elnet command via DOS prompt The changes made by using web console have the same effects as modified through web user interface The functions settings modified under Web Console also can be reviewed on the web user interface Click the Web Console icon on the top of the main screen to open the following screen ...

Page 43: ...e Config Backup icon It allows you to backup current settings as a file Such configuration file can be restored by using System Maintenance Configuration Backup Simply click the icon on the top of the main screen and a pop up dialog will appear Click Save to store the setting 1 1 8 8 7 7 L Lo og go ou ut t Click this icon to exit the web user interface ...

Page 44: ...tus such as LAN connection status WAN connection status ADSL information and so on P Ph hy ys si ic ca al l C Co on nn ne ec ct ti io on n f fo or r I IP Pv v4 4 P Pr ro ot to oc co ol l Note If the firmware which supports Vectoring has been installed to your Vigor router you will see a short message of with Vectoring support near to VDLS2 Information Such feature is available for VDSL2 only ...

Page 45: ...face WAN1 WAN2 WAN3 Status Enable Yes in red means such interface is available but not enabled Yes in green means such interface is enabled Line Displays the physical connection VDSL ADSL Ethernet or USB of this interface Name Display the name of the router Mode Displays the type of WAN connection e g PPPoE Up Time Displays the total uptime of the interface IP Displays the IP address of the WAN in...

Page 46: ... green means such interface is enabled No in red means such interface is not available Mode Displays the type of WAN connection e g TSPC Up Time Displays the total uptime of the interface IP Displays the IP address of the WAN interface Gateway IP Displays the IP address of the default gateway Note The words in green mean that the WAN connection of that interface is ready for accessing Internet the...

Page 47: ...ra at ti io on n Each time you click OK on the web page for saving the configuration you can find messages showing the system interaction with you Ready indicates the system is ready for you to input settings Settings Saved means your settings are saved once you click Finish or OK button ...

Page 48: ...Vigor2760 Series User s Guide 32 This page is left blank ...

Page 49: ...izard used for establishing VPN tunnel the router is treated as a VPN client VPN Server Wizard used for establishing VPN tunnel the router is treated as a VPN server Wireless Wizard used for building wireless LAN connection VoIP Wizard used for establishing VoIP profile 2 2 1 1 Q Qu ui ic ck k S St ta ar rt t W Wi iz za ar rd d Quick Start Wizard can help you to deploy and use the router easily an...

Page 50: ... that you use If DSL interface is used please choose WAN1 if Ethernet interface is used please choose WAN2 if 3G USB modem is used please choose WAN3 Then click Next for next step WAN1 WAN2 and WAN3 will bring up different configuration page Refer to the following sections for detailed information ...

Page 51: ...th tag The router will add specific VLAN number to all packets on the WAN while sending them out Please type the tag value and specify the priority for the packets sending by WAN1 Disable Disable the function of VLAN with tag Tag value Type the value as the VLAN ID number The range is form 0 to 4095 Priority Type the packet priority number for such VLAN The range is from 0 to 7 You have to select ...

Page 52: ...face Choose PPPoE PPPoA as the protocol For ADSL Only Such field is provided for ADSL only You have to choose encapsulation and type the values for VPI and VCI Or click Auto detect to find out the best values Fixed IP Click Yes to enable Fixed IP feature IP Address Type the IP address if Fixed IP is enabled Primary DNS Type in the primary IP address for the router Secondary DNS Type in secondary I...

Page 53: ...ce Name Optional Enter the description of the specific network service User Name Assign a specific valid user name provided by the ISP Note The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you can set is 62 characters Confirm Password Retype the password Back Click it to return to previous ...

Page 54: ... finished the above settings click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 55: ...m Description Protocol There are two modes offered for you to choose for WAN1 interface Choose MPoA Static or Dynamic IP as the protocol For ADSL Only Such field is provided for ADSL only You have to choose encapsulation and type the values for VPI and VCI Or click Auto detect to find out the best values Fixed IP Click Yes to enable Fixed IP feature IP Address Type the IP address if Fixed IP is en...

Page 56: ...age Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 2 Please type in the IP address mask gateway information originally provided by your ISP Then click Next for viewing summary of such connection 3 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 4 Now you can enjoy surfing on the ...

Page 57: ... VLAN with tag The router will add specific VLAN number to all packets on the WAN while sending them out Please type the tag value and specify the priority for the packets sending by WAN2 Disable Disable the function of VLAN with tag Tag value Type the value as the VLAN ID number The range is form 0 to 4095 Priority Type the packet priority number for such VLAN The range is from 0 to 7 On the next...

Page 58: ...pe Then click Next to continue Available settings are explained as follows Item Description Service Name Optional Enter the description of the specific network service User Name Assign a specific valid user name provided by the ISP Note The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you c...

Page 59: ...e next setting page Cancel Click it to give up the quick start wizard 3 Please manually enter the Username Password provided by your ISP Click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 60: ...Click PPTP as the Internet Access Type Then click Next to continue Available settings are explained as follows Item Description User Name Assign a specific valid user name provided by the ISP Note The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you can set is 62 characters ...

Page 61: ...ry IP address for the router Second DNS Type in secondary IP address for necessity in the future PPTP Server Type the IP address of the server Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 Please type in the IP address mask gateway information originally provided by your ISP Then click Next for v...

Page 62: ...atic IP as the Internet Access type Simply click Next to continue Available settings are explained as follows Item Description WAN IP Type the IP address Subnet Mask Type the subnet mask Gateway Type the IP address of gateway Primary DNS Type in the primary IP address for the router Secondary DNS Type in secondary IP address for necessity in the future Back Click it to return to previous setting p...

Page 63: ... give up the quick start wizard 3 Please type in the IP address information originally provided by your ISP Then click Next for next step 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 64: ...s Guide 48 D DH HC CP P 1 Choose WAN2 as WAN Interface and click the Next button The following page will be open for you to specify Internet Access Type 2 Click DHCP as the Internet Access type Simply click Next to continue ...

Page 65: ...r access authentication In such cases you need to enter the MAC address Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 After finished the settings above click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this...

Page 66: ...xt for getting the following page Available settings are explained as follows Item Description Internet Access Choose one of the selections as the protocol of accessing the internet 3G 4G USB Modem PPP mode SIM Pin code Type PIN code of the SIM card that will be used to access Internet The maximum length of the pin code you can set is 15 characters Modem Initial String Such value is used to initia...

Page 67: ...to access Internet Network Mode Force Vigor router to connect Internet with the mode specified here If you choose 4G 3G 2G as network mode the router will choose a suitable one according to the actual wireless signal automatically APN Name APN means Access Point Name which is provided and required by some ISPs 3 Then click Next for viewing summary of such connection 4 Click Finish A page of Quick ...

Page 68: ...ocated on http myvigor draytek com For using Web Content Filter Profile please refer to later section Web Content Filter Profile for detailed information Now follow the steps listed below to activate WCF feature for your router Note Such function is available only for Admin Mode 1 Open Wizards Service Activation Wizard 2 The screen of Service Activation Wizard will be shown as follows Choose the o...

Page 69: ...al period After trial you can purchase DrayTek s prepared Commtouch GlobalView WCF package from retailing outlets BPjM is WCF for German Speaking users The fragfINN is whitelist for German Speaking users The BPjM is ideal for your family to provide more Internet security for youngsters The fragFINN is designed for protecting kids from inadequate web sites More info is available at http www draytek...

Page 70: ...ll be activated and applied as the default rule configured in Firewall General Setup 6 Now the web page will display the service that you have activated according to your selection s The valid time for the free trial of these services is one month When all the trial editions for various web content filters had been enabled the configuration page of Service Activation Wizard will be invalid as show...

Page 71: ...er to client step by step 1 Open VPN and Remote Access VPN Client Wizard The following page will appear Available settings are explained as follows Item Description LAN to LAN Client Mode Selection Choose the client mode Route Mode NAT Mode If the remote network only allows you to dial in with single IP please choose this mode otherwise please choose Route Mode Please choose a LAN to LAN Profile T...

Page 72: ...lowing page In this page you have to select suitable VPN type for the VPN client profile There are six types provided here Different type will lead to different configuration page After making the choices for the client profile please click Next You will see different configurations based on the selection s you made ...

Page 73: ...ng descriptions for VPN Type are based on the Route Mode specified in LAN to LAN Client Mode Selection When you choose PPTP None Encryption or PPTP Encryption you will see the following graphic When you choose IPsec you will see the following graphic ...

Page 74: ...ollowing graphic When you choose L2TP over IPsec Nice to Have or L2TP over IPsec Must you will see the following graphic Available settings are explained as follows Item Description Profile Name Type a name for such profile The length of the file is limited to 10 characters ...

Page 75: ...tive IPsec Security Method Medium Authentication Header AH means data will be authenticated but not be encrypted By default this option is active High Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES User Name This field is used to authenticate for connection when ...

Page 76: ...utton to access VPN and Remote Access Connection Management for viewing VPN Connection status Do another VPN Server Wizard Setup Click this radio button to set another profile of VPN Server through VPN Server Wizard View more detailed configuration Click this radio button to access VPN and Remote Access LAN to LAN for viewing detailed configuration ...

Page 77: ...r Available settings are explained as follows Item Description VPN Server Mode Selection Choose the direction for the VPN server Site to Site VPN To set a LAN to LAN profile automatically please choose Site to Site VPN Remote Dial in User You can manage remote access by maintaining a table of remote user profile so that users can be authenticated to dial in via VPN connection Please choose a LAN t...

Page 78: ... dial in type for the VPN server profile There are several types provided here similar to VPN Client Wizard Different Dial in Type will lead to different configuration page In addition adjustable items for each dial in type will be changed according to the VPN Server Mode Site to Site VPN and Remote Dial in User selected 2 After making the choices for the server profile please click Next You will ...

Page 79: ...ies User s Guide 63 When you check PPTP you will see the following graphic When you check PPTP IPsec L2TP three types or PPTP IPsec two types or L2TP with Policy Nice to Have Must you will see the following graphic ...

Page 80: ... L2TP with or without IPsec policy above The length of the name is limited to 11 characters Pre Shared Key For IPsec L2TP IPsec authentication you have to type a pre shared key The length of the name is limited to 64 characters Confirm Pre Shared Key Type the pre shared key again for confirmation Digital Signature X 509 Check the box of Digital Signature to invoke this function Peer ID Choose the ...

Page 81: ...If there is no problem you can click one of the radio buttons listed on the page and click Finish to execute the next action Available settings are explained as follows Item Description Go to the VPN Connection Management Click this radio button to access VPN and Remote Access Connection Management for viewing VPN Connection status Do another VPN Server Wizard Setup Click this radio button to set ...

Page 82: ...ted below 1 Open Wireless Wizard 2 The screen of wireless wizard will be shown as follows This page will be used for internal users in a company or your home Available settings are explained as follows Item Description Name Type the SSID name of this router The default name is defined with DrayTek Change the name if required Mode At present the router can connect to 11b Only 11n Only 11g Only Mixe...

Page 83: ...as 012345678 or 64 Hexadecimal digits leading by 0x such as 0x321253abcde Next Click it to get into the next setting page Cancel Exit the wireless wizard without saving any changes 3 After typing the required information click Next The settings in the page limit the wireless station guest accessing into Internet but not being allowed to share the LAN network and VPN connection Available settings a...

Page 84: ...Enable and type the transmitting rate for data upload Default value is 30 000 kbps Total Download Type the transmitting rate for data download Default value is 30 000 kbps Next Click it to get into the next setting page Cancel Exit the wireless wizard without saving any changes 4 After typing the required information click Next 5 The following page will display the configuration summary for wirele...

Page 85: ...are explained as follows Item Description Set VoIP service provider domain VoIP service provider Use the drop down list to choose the ISP which offers the VoIP service for your router SIP Port Use the default setting 5060 Set Account quickly Account Number Name Type the account number name registered to your ISP Password Type the password for the account registered to your ISP Use the same Account...

Page 86: ...ries User s Guide 70 Cancel Click it to give up the quick start wizard 3 After finished the settings above click Next for viewing summary of such connection 4 Click Finish A page of VoIP Wizard Setup OK will appear ...

Page 87: ...o register your Vigor router to MyVigor website for getting more service Please follow the steps below to finish the router registration 1 Please login the web configuration interface of Vigor router by typing admin admin as User Name Password 2 Click Support Area Production Registration from the home page 3 A Login page will be shown on the screen Please type the account and password that you cre...

Page 88: ...page appears please type in Nickname for the router and choose the right registration date from the popup calendar it appears when you click on the box of Registration Date After adding the basic information for the router please click Submit 6 When the following page appears your router information has been added to the database 7 Now you have finished the product registration ...

Page 89: ...d web content filter service by using Service Activation Wizard you can activate the service from this step Please click the serial number link 9 From the Device s Service section click the Trial 10 In the following page check the box of I have read and accept the above Agreement The system will find out the date for you to activate this version of service Then click Next ...

Page 90: ...Vigor2760 Series User s Guide 74 11 When this page appears click Register 12 Wait for a moment until the following page appears 13 Click Close ...

Page 91: ...Ne et tw wo or rk k IP means Internet Protocol Every device in an IP based Network including routers print server and host PCs needs an IP address to identify its location on the network To avoid address conflicts IP addresses are publicly registered with the Network Information Centre NIC Having a unique IP address is mandatory for those devices participated in the public network but not in the p...

Page 92: ...ess will occur to ask for a connection Then a session will be created Your user ID and password is authenticated via PAP or CHAP with RADIUS authentication system And your IP address DNS server and other related information will usually be assigned by your ISP N Ne et tw wo or rk k C Co on nn ne ec ct ti io on n b by y 3 3G G U US SB B M Mo od de em m For 3G mobile communication through Access Poi...

Page 93: ... one of the ISP connections all the traffic will be guided and switched to the normal communication port for proper operation Please configure WAN1 WAN2 and WAN3 settings This webpage allows you to set general setup for WAN1 WAN2 and WAN3 respectively In default WAN2 is disabled If you want to enable it simply click the WAN2 link and select Yes in the field of Enable Available settings are explain...

Page 94: ...Item Description Enable Choose Yes to invoke the settings for this WAN interface Choose No to disable the settings for this WAN interface Display Name Type the description for such interface Physical Mode Display the physical mode of such interface If VDSL2 is detected this field will display VDSL2 if ADSL is detected it will display ADSL DSL Mode Specify the physical mode VDSL or ADSL for such ro...

Page 95: ...he range is form 0 to 4095 Priority Type the packet priority number for such VLAN The range is from 0 to 7 VLAN Tag insertion VDSL2 The settings configured in this field are available for VDSL2 Enable Enable the function of VLAN with tag The router will add specific VLAN number to all packets on the WAN while sending them out Please type the tag value and specify the priority for the packets sendi...

Page 96: ...ion for such WAN interface Physical Mode Display the physical mode of such WAN interface Physical Type You can change the physical type for WAN2 or choose Auto negotiation for determined by the system VLAN Tag insertion Enable Enable the function of VLAN with tag The router will add specific VLAN number to all packets on the WAN while sending them out Please type the tag value and specify the prio...

Page 97: ...USB Modem please configure WAN3 interface Available settings are explained as follows Item Description Enable Choose Yes to invoke the settings for this WAN interface Choose No to disable the settings for this WAN interface Display Name Type the description for such WAN interface Physical Mode Display the physical mode of such WAN interface After finished the above settings click OK to save the se...

Page 98: ...gs are explained as follows Item Description Index Display the WAN interface Display Name It shows the name of the WAN1 WAN2 WAN3 that entered in general setup Physical Mode It shows the physical connection for WAN1 ADSL VDSL2 WAN2 Ethernet WAN3 3G 4G USB Modem according to the real network connection Access Mode Use the drop down list to choose a proper access mode The details page of that mode w...

Page 99: ...information when such function is enabled and configured Enable Disable Enable Disable the function of DHCP Option Each DHCP option is composed by an option number with data For example Option number 100 Data abcd When such function is enabled the specified values for DHCP option will be seen in DHCP reply packets Interface Specify the WAN interface s that will be overwritten by such function WAN4...

Page 100: ...assword and authentication parameters according to the information provided by your ISP Username Type in the username provided by ISP in this field Password Type in the password provided by ISP in this field Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page and you can use the number tha...

Page 101: ... interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using Fixed IP Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address Default MAC Address You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC Address for the router Specify a MAC Address Type the MAC address for...

Page 102: ...lows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection Ping IP If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live Displays value for your reference TTL value is set by telnet command RIP Protocol Routing Informati...

Page 103: ...uter name provided by ISP Domain Name Type in the domain name that you have assigned Specify an IP address Click this radio button to specify some data IP Address Type in the private IP address Subnet Mask Type in the subnet mask Gateway IP Address Type in gateway IP address Default MAC Address Type in MAC address for the router You can use Default MAC Address or specify another MAC address for yo...

Page 104: ...e the connection through PPTP or L2TP Server Address Specify the IP address of the PPTP L2TP server if you enable PPTP L2TP client mode Specify Gateway IP Address Specify the gateway IP address for DHCP server ISP Access Setup Username Type in the username provided by ISP in this field Password Type in the password provided by ISP in this field Index 1 15 in Schedule Setup You can type in four set...

Page 105: ...t and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function Click Yes to use this function and type in a fixed IP address in the box Fixed IP Address Type a fixed IP address WAN IP Network Settings Obtain an IP addres...

Page 106: ...rameters required by your ISP These settings configured here are specified for ADSL only Multi PVC channel The selections displayed here are determined by the page of Internet Access Multi PVCs Select M PVCs Channel means no selection will be chosen VPI Type in the value provided by ISP VCI Type in the value provided by ISP Encapsulating Type Drop down the list to choose the type provided by ISP P...

Page 107: ...of PPPoE session different with the Host PC to access into Internet Note To have PPPoA Pass through please choose PPPoA protocol and check the box es here The router will behave like a modem which only serves the PPPoE client on the LAN That s the router will offer PPPoA dial up connection WAN Connection Detection Such function allows you to verify whether network connection is alive or not throug...

Page 108: ...ype in the password provided by ISP in this field Separate Account for ADSL In default WAN1 supports VDSL2 ADSL and uses the same PPPoE account and password for connection If required you can configure another account and password for ADSL connection by checking this box If it is checked the system will ask you to type another group of account and password additionally PPP Authentication Select PA...

Page 109: ...the number that you have set in that web page After finishing all the settings here please click OK to activate them D De et ta ai il ls s P Pa ag ge e f fo or r M MP Po oA A S St ta at ti ic c o or r D Dy yn na am mi ic c I IP P i in n W WA AN N1 1 P Ph hy ys si ic ca al l M Mo od de e A AD DS SL L MPoA is a specification that enables ATM services to be integrated with existing LANs which use eit...

Page 110: ...onfigured here are specified for ADSL only Multi PVC channel The selections displayed here are determined by the page of Internet Access Multi PVCs Select M PVCs Channel means no selection will be chosen Encapsulating Drop down the list to choose the type provided by ISP VPI Type in the value provided by ISP VCI Type in the value provided by ISP Modulation Default setting is Multimode Choose the o...

Page 111: ... get the suitable MTU value such as 1500 1492 1484 and etc automatically Detect Click it to detect a suitable MTU value Accept After clicking it the detected value will be displayed in the field of MTU RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables information Click Enable RIP for activating this function Bridge Mode If you ch...

Page 112: ...n the private IP address Subnet Mask Type in the subnet mask Gateway IP Address Type in gateway IP address Default MAC Address Type in MAC address for the router You can use Default MAC Address or specify another MAC address for your necessity Specify a MAC Address Type in the MAC address for the router manually DNS Server IP Address Type in the primary IP address for the router If necessary type ...

Page 113: ... password and authentication parameters according to the information provided by your ISP Username Type in the username provided by ISP in this field The maximum length of the user name you can set is 63 characters Password Type in the password provided by ISP in this field The maximum length of the password you can set is 62 characters Index 1 15 in Schedule Setup You can type in four sets of tim...

Page 114: ...uest In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addres...

Page 115: ...ider will offer a public subnet If you have a public subnet you could assign an IP address or many IP address to the WAN interface To use Static or Dynamic IP as the accessing protocol of the internet please click the Static or Dynamic IP tab The following web page will be shown Available settings are explained as follows Item Description Enable Disable Click Enable for activating this function If...

Page 116: ...ield for pinging TTL Time to Live Displays value for your reference TTL value is set by telnet command MTU It means Max Transmit Unit for packet The default setting is 1492 RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables information Click Enable RIP for activating this function WAN IP Network Settings This group allows you to o...

Page 117: ...o button to specify some data if you want to use Static IP mode IP Address Type the IP address Subnet Mask Type the subnet mask Gateway IP Address Type the gateway IP address Default MAC Address Click this radio button to use default MAC address for the router Specify a MAC Address Some Cable service providers specify a specific MAC address for access authentication In such cases you need to click...

Page 118: ...n through PPTP or L2TP Server Address Specify the IP address of the PPTP L2TP server if you enable PPTP L2TP client mode Specify Gateway IP Address Specify the gateway IP address for DHCP server ISP Access Setup Username Type in the username provided by ISP in this field The maximum length of the user name you can set is 63 characters Password Type in the password provided by ISP in this field The...

Page 119: ... to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function Click Yes to use this function and type in a fixed IP address in the box Fixed IP Address Type a fixed IP address WAN IP Network Settings Obtain an IP a...

Page 120: ... mode for WAN3 The following web page will be shown Available settings are explained as follows Item Description Modem Support List It lists all of the modems supported by such router 3G 4G USB Modem PPP mode Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid SIM PIN code Type PIN code of t...

Page 121: ... 63 characters PPP Password Type the PPP password optional The maximum length of the password you can set is 62 characters PPP Authentication Select PAP only or PAP or CHAP for PPP Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page and you can use the number that you have set in that web ...

Page 122: ...ollows Item Description Modem Support List It lists all of the modems supported by such router 3G 4G USB Modem DHCP mode Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid SIM PIN code Type PIN code of the SIM card that will be used to access Internet The maximum length of the PIN code you ...

Page 123: ...cept After clicking it the detected value will be displayed in the field of MTU WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection If you choose Ping Detect as the detection mode you have to type required settings for the following ...

Page 124: ...e DHCPv6 or Accept RA to acquire the IPv6 prefix address such as 2001 B010 7300 200 64 offered by the ISP In addition PCs under LAN also can have the public IPv6 address for Internet access by means of the generated prefix No need to type any other information for PPP mode Available settings are explained as follows Item Description WAN Connection Detection Such function allows you to verify wheth...

Page 125: ...nel setup protocol client TSPC is an application which could help you to connect to IPv6 network easily Please make sure your IPv4 WAN connection is OK and apply one free account from hexago http gogonet gogo6 com page freenet6 account before you try to use TSPC for network connection TSPC would connect to tunnel broker and requests a tunnel according to the specifications inside the configuration...

Page 126: ... to make the confirmation Tunnel Broker Type the address for the tunnel broker IP FQDN or an optional port number WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Always On means no detection will be executed The network connection will be on al...

Page 127: ...d assigned with the user name The maximum length of the password you can set is 19 characters Tunnel Broker Type the address for the tunnel broker IP FQDN or an optional port number Tunnel ID One user account may have several tunnels And each tunnel shall have one specified tunnel ID e g T115394 Type the ID offered by Tunnel Broker Subnet Prefix Type the subnet prefix address obtained from service...

Page 128: ...sociation Choose Prefix Delegation or Non temporary Address as the identify association IAID Type a number as IAID WAN Connection Detection Such function allows you to verify whether network connection is alive or not through NS Detect or Ping Detect Mode Choose Always On Ping Detect or NS Detect for the system to execute for WAN detection With NS Detect mode the system will check if network conne...

Page 129: ...ge Mode Enable Bridge Mode If the function is enabled the router will work as a bridge modem Bridge Subnet Make a bridge between the selected LAN subnet and such WAN interface After finished the above settings click OK to save the settings ...

Page 130: ... Available settings are explained as follows Item Description Static IPv6 Address configuration IPv6 Address Type the IPv6 Static IP Address Prefix Length Type the fixed value for prefix length Add Click it to add a new entry Delete Click it to remove an existed entry Current IPv6 Address Table Display current interface IPv6 address Static IPv6 Gateway Configuration IPv6 Gateway Address Type your ...

Page 131: ...he network connection will be on always Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live If you choose Ping Detect as detection mode you have to type TTL value Bridge Mode Enable Bridge Mode If the function is enabled the router will work as a bridge modem Bridge Subnet Make a bridge between the selected LAN subnet ...

Page 132: ...2002 0 16 So you can use a fixed endpoint rather than any cast endpoint The mode has more reliability Available settings are explained as follows Item Description Remote Endpoint IPv4 Address Type the static IPv4 address for the remote server 6in4 IPv6 Address Type the static IPv6 address for IPv4 tunnel with the value for prefix length LAN Routed Prefix Type the static IPv6 address for LAN routin...

Page 133: ...rd d i in n W WA AN N1 1 W WA AN N2 2 This type allows you to setup 6rd for WAN interface Available settings are explained as follows Item Description 6rd Mode Auto 6rd Retrieve 6rd prefix automatically from 6rd service provider The IPv4 WAN must be set as DHCP Static 6rd Set 6rd options manually IPv4 Border Relay Type the IPv4 addresses of the 6rd Border Relay for a given 6rd domain ...

Page 134: ...erify whether network connection is alive or not through Ping Detect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Always On means no detection will be executed The network connection will be on always Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live If you choose Ping Detect as de...

Page 135: ... by the Internet Access web user interface and can not be configured here Channels 4 8 are configurable Enable Display whether the settings in this channel are enabled Yes or not No WAN Type Displays the physical medium that the channel will use VPI VCI Display the value for VPI and VCI VLAN Tag Displays the VLAN tag value that will be used for the packets traveling on this channel Port based Brid...

Page 136: ...ded by your ISP Protocol Select a proper protocol for this channel Encapsulation Choose a proper type for this channel The types will be different according to the protocol setting that you choose Add VLAN Header Check the box to enable the following two options VLAN Tag Type the value as the VLAN ID number Valid settings are in the range from 1 to 4095 The network traffic flowing on each channel ...

Page 137: ... to enable Bridge mode for such channel Physical Members Group the physical ports by checking the corresponding check box es for applying the bridge connection After finished the above settings click OK to save the settings WAN links for Channel 4 5 and 6 are provided for router borne application such as TR 069 The settings must be applied and obtained from your ISP For your special request please...

Page 138: ...gs are explained as follows Item Description Multi VLAN Channel 4 5 6 Enable Click it to enable the configuration of this channel Disable Click it to disable the configuration of this channel General Settings VPI Type in the value provided by your ISP ...

Page 139: ...l Members Group the physical ports by checking the corresponding check box es for applying the port based bridge connection Open WAN Interface for this Channel Check the box to enable relating function WAN Application Management It can be specified for general management Web configuration telnet TR069 If you choose Management the configuration for this VLAN will be effective for Web configuration ...

Page 140: ...ed Specify an IP address Click this radio button to specify some data IP Address Type in the private IP address Subnet Mask Type in the subnet mask Gateway IP Address Type in gateway IP address DNS Server IP Address Type in the primary IP address for the router if you want to use Static IP mode If necessary type in secondary IP address for necessity in the future After finished the above settings ...

Page 141: ...l tab After finished the above settings click OK to save the settings 3 3 2 2 L LA AN N Local Area Network LAN is a group of subnets regulated and ruled by router The design of network structure is related to what type of public IP addresses coming from your ISP 3 3 2 2 1 1 B Ba as si ic cs s o of f L LA AN N The most generic function of Vigor router is NAT It creates a private subnet of your own ...

Page 142: ...hould be set as the gateway for public hosts W Wh ha at t i is s R Ro ou ut ti in ng g I In nf fo or rm ma at ti io on n P Pr ro ot to oc co ol l R RI IP P Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing This allows users to change the information of the router such as IP address and the routers will automatically inform for each other...

Page 143: ...resence of RIP W Wh ha at t a ar re e V Vi ir rt tu ua al l L LA AN Ns s a an nd d R Ra at te e C Co on nt tr ro ol l You can group local hosts by physical ports and create up to 8 virtual LANs To manage the communication between different groups please set up rules in Virtual LAN VLAN function and the rate of each ...

Page 144: ...llows Item Description General Setup Allow to configure settings for each subnet respectively Index Display all of the LAN items Status Basically LAN1 status is enabled in default LAN2 LAN6 and IP Routed Subnet can be observed by checking the box of Status DHCP LAN1 is configured with DHCP in default If required please check the DHCP box for each LAN IP Address Display the IP address for each LAN ...

Page 145: ...s helpful for downloading boot loader via network Option Number Type a number for such function DataType Choose the type ASCII or Hex for the data to be stored Data Type the content of the data to be processed by the function of DHCP option Force router to use DNS server IP address Force Vigor router to use DNS servers configured in LAN1 LAN2 LAN3 LAN4 LAN5 LAN6 instead of DNS servers given by the...

Page 146: ...ocol It will lead to a stoppage of the exchange of routing information between routers Default Enable activate the RIP protocol DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you...

Page 147: ...t of time e g 1 day However even if this client only uses the IP for say 5 minutes the server still reserves 1 day for that client Because a DHCP server only has a limited number of IPs to lease to its DHCP clients soon enough all the IPs will be used out and then no one will be able to get any IPs from this server anymore Therefore this feature is used to get the IP back from inactive clients i e...

Page 148: ... Otherwise the router forwards the DNS query packet to the external DNS server by establishing a WAN e g DSL Cable connection When you finish the configuration please click OK to save and exit this page D De et ta ai il ls s P Pa ag ge e f fo or r L LA AN N1 1 I IP Pv v6 6 S Se et tu up p There are two configuration pages for LAN1 Ethernet TCP IP and DHCP Setup based on IPv4 and IPv6 Setup Click t...

Page 149: ...onfiguration of LAN 1 IPv6 Setup WAN Primary Interface Use the drop down list to specify a WAN interface for IPv6 Static IPv6 Address IPv6 Address Type static IPv6 address for LAN Prefix Length Type the fixed value for prefix length Add Click it to add a new entry Delete Click it to remove an existed entry Unique Local Address ULA configuration Such feature is used for the host without assigned IP...

Page 150: ...efix of the host shall be formed according to RA transmitted by Vigor router DHCPv6 stateful The IP address of the host shall be assigned after communicating with DHCPv6 server for answering the request of client Off No IP address is assigned Other Option O bit Check this box to enable the O bit for obtaining additional information e g DNS from DHCPv6 DHCPv6 Server Enable Server Click it to enable...

Page 151: ...n use Min Max Interval Time sec It defines the interval between minimum time and maximum time for sending RA Router Advertisement packets Default Lifetime sec Within such period of time Vigor2925 can be treated as the default gateway Default Preference It determines the priority of the host behind the router when RA Router Advertisement packets are transmitted MTU It means Max Transmit Unit for pa...

Page 152: ...HCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network Enable Server Let the router assign ...

Page 153: ...erver still reserves 1 day for that client Because a DHCP server only has a limited number of IPs to lease to its DHCP clients soon enough all the IPs will be used out and then no one will be able to get any IPs from this server anymore Therefore this feature is used to get the IP back from inactive clients i e doesn t use the IP but the server still reserves the IP for him DNS Server IP Address D...

Page 154: ...llows Item Description Network Configuration Enable Disable Click Enable to enable such configuration click Disable to disable such configuration For Routing Usage IPAddress Type in private IP address for connecting to a local private network Default 192 168 1 1 Subnet Mask Type in an address code that determines the size of the network Default 255 255 255 0 24 RIP Protocol Control Disable deactiv...

Page 155: ...IP address assigned by DHCP server can be used Use LAN Port Specify an IP for IP Route Subnet If it is enabled DHCP server will assign IP address automatically for the clients coming from P1 and or P2 Please check the box of P1 and P2 Use MAC Address Check such box to specify MAC address MAC Address Enter the MAC Address of the host one by one and click Add to create a list of hosts to be assigned...

Page 156: ...c R Ro ou ut te e f fo or r I IP Pv v4 4 Available settings are explained as follows Item Description Index The number 1 to 10 under Index allows you to open next page to set up static route Destination Address Displays the destination address of the static route Status Displays the status of the static route Set to Factory Default Clear all of the settings and return to factory default settings V...

Page 157: ...ernal Router B 192 168 1 3 have set Main Router 192 168 1 1 as the default gateway for the Router A 192 168 1 2 Before setting Static Route user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router 1 Go to LAN page and click General Setup select 1st Subnet as the RIP Protocol Control Then click the OK button Note There are two reasons that we ...

Page 158: ...follows Item Description Enable Click it to enable this profile Destination IP Address Type an IP address as the destination of such static route Subnet Mask Type the subnet mask for such static route Network Interface Use the drop down list to specify an interface for such static route 3 Return to Static Route Setup page Click on another Index Number to add another static route as show below whic...

Page 159: ...ttings are explained as follows Item Description Index The number 1 to 40 under Index allows you to open next page to set up static route Destination Address Displays the destination address of the static route Status Displays the status of the static route Set to Factory Default Clear all of the settings and return to factory default settings Viewing IPv6 Routing Table Displays the routing table ...

Page 160: ... profile Destination IPv6 Address Prefix Len Type the IP address with the prefix length for this entry Gateway IPv6 Address Type the gateway address for this entry Network Interface Use the drop down list to specify an interface for this static route When you finish the configuration please click OK to save and exit this page ...

Page 161: ... grouping them based on the physical port The multi subnet can let a small businesses have much better isolation for multi occupancy applications Go to LAN page and select VLAN The following page will appear Click Enable to invoke VLAN function Below is an example page in Vigor2760n Note Settings in this page only applied to LAN port but not WAN port Available settings are explained as follows Ite...

Page 162: ...n ng g p po or rt t b ba as se ed d V VL LA AN N f fo or r w wi ir re el le es ss s a an nd d n no on n w wi ir re el le es ss s c cl li ie en nt ts s 1 All the wire network clients are categorized to group VLAN0 in subnet 192 168 1 0 24 LAN1 2 All the wireless network clients are categorized to group VLAN1 in subnet 192 168 2 0 24 LAN2 3 Open LAN VLAN Configuration Check the boxes according to th...

Page 163: ... User s Guide 147 Vigor router supports up to six private IP subnets on LAN Each can be independent isolated or common able to communicate with each other This is ideal for departmental or multi occupancy applications ...

Page 164: ...n Enable Click this radio button to invoke this function However IP MAC which is not listed in IP Bind List also can connect to Internet Disable Click this radio button to disable this function All the settings on this page will be invalid Strict Bind Click this radio button to block the connection of the IP MAC which is not listed in IP Bind List ARP Table This table is the LAN ARP table of this ...

Page 165: ...le or the IP MAC address typed in Add and Edit to the table of IP Bind List Update It allows you to edit and modify the selected IP address and MAC address that you create before Delete You can remove any item listed in IP Bind List Simply click and select the one and click Delete The selected item will be removed from the IP Bind List Backup Store the configuration for Bind IP to MAC as a file Re...

Page 166: ... this feature First it is more economical without other detecting equipments to be set up Second it may be able to view traffic on one or more ports within a VLAN at the same time Third it can transfer all data traffics to be mirrored to one analyzer connect to the mirroring port Last it is more convenient and easy to configure in user s interface Available settings are explained as follows Item D...

Page 167: ...nto the Internet or the desired web page through this router That is a company which wants to have an advertisement for its products to users can specify the URL in this page to reach its goal Each item is explained as follows Item Description Profile Display the number link which allows you to configure the profile Status Display the content Disable URL Redirect or Message of the profile Interfac...

Page 168: ...ore the default content Notice Content given in this field will be displayed on the screen when a web page is redirected by web portal mechanism Position on Screen The content of notice and the defined button can be shown upside Top or downside Bottom the text defined for message body Applied Interfaces Check the box es representing different interfaces to be applied by such profile The advantage ...

Page 169: ... End Displays the IP address for the end of the source IP Dest IP Start Displays the IP address for the start of the destination IP Dest IP End Displays the IP address for the end of the destination IP Dest Port Start Displays the IP address for the start of the destination port Dest Port End Displays the IP address for the end of the destination port Move UP Move Down Use Up or Down link to move ...

Page 170: ...nterface Destination IP Any Any IP can be treated as the destination IP Dest IP Start Type the destination IP start for the specified WAN interface Dest IP End Type the destination IP end for the specified WAN interface If this field is blank it means that all the destination IPs will be passed through the WAN interface 3 Click Next to get the following page Available settings are explained as fol...

Page 171: ...ilable settings are explained as follows Item Description Force NAT Force Routing It determines which mechanism that the router will use to forward the packet to WAN 5 After choosing the mechanism click Next to get the summary page for reference 6 If there is no error click Finish to complete wizard setting ...

Page 172: ...Vigor2760 Series User s Guide 156 ...

Page 173: ... page Available settings are explained as follows Item Description Enable Check this box to enable this policy Protocol Use the drop down menu to choose a proper protocol for the WAN interface Source IP Any Any IP can be treated as the source IP Src IP Range Define a range of IP address as source IP addresses Start Type an address as the starting IP for such ...

Page 174: ...sed through the WAN interface Send to if criteria matched Interface Use the drop down list to choose a WAN or LAN interface or VPN profile Packets match with the above criteria will be transferred to the interface chosen here Gateway IP Specific gateway is used only when you want to forward the packets to the desired gateway Usually Default Gateway is selected in default Priority Packets will be t...

Page 175: ...rofile Gateway IP Specific gateway is used only when you want to forward the packets to the desired gateway Usually Default Gateway is selected in default 3 When you finish the configuration please click OK to save and exit this page 3 3 3 3 2 2 D Di ia ag gn no os se e With the analysis done by such page possible path static route routing table or policy route of the packets sent out of the route...

Page 176: ...TCP ANY Specify a protocol for diagnosis Src IP Type an IP address as the source IP Dst IP Type an IP address as the destination IP Dst Port Use the drop down list to specify the destination port Analyze Click it to perform the job of analyzing The analyzed result will be shown on the page If required click export analysis to export the result as a file Input File Select Click the download link to...

Page 177: ...Vigor2760 Series User s Guide 161 Note that the analysis was based on the current load balance route policy settings we do not guarantee it will be 100 the same as the real case ...

Page 178: ...P address thus you can have only one IP address on behalf of the entire internal hosts Enhance security of the internal network by obscuring the IP address There are many attacks aiming victims based on the IP address Since the attacker cannot be aware of any private IP addresses the NAT function can protect the internal network Note On NAT page you will see the private IP address defined in RFC 1...

Page 179: ... choose Port Redirection web page The Port Redirection Table provides 40 port mapping entries for the internal hosts Each item is explained as follows Item Description Index Display the number of the profile Service Name Display the description of the specific network service WAN Interface Display the WAN IP address used by the profile ...

Page 180: ...nge for the specific service select Range In Range mode if the public port start port and end port and the starting IP of private IP had been entered the system will calculate and display the ending IP of private IP automatically Service Name Enter the description of the specific network service Protocol Select the transport layer protocol TCP or UDP WAN Interface Select the WAN interface used for...

Page 181: ... Note that the router has its own built in services servers such as Telnet HTTP and FTP etc Since the common port numbers of these services servers are all the same you may need to reset the router in order to avoid confliction For example the built in web user interface in the router is with default port 80 which may conflict with the web server in the local network http 192 168 1 13 80 Therefore...

Page 182: ...gle host in the LAN Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually helps some special applications such as Netmeeting or Internet Games etc The security properties of NAT are somewhat bypassed if you set up DMZ host We sugge...

Page 183: ...his button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the following screen Click OK to save the setting DMZ Host for WAN2 or WAN3 is slightly...

Page 184: ...vate IP address of the DMZ host or click Choose PC to select one Choose PC Click this button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the s...

Page 185: ...ing page Available settings are explained as follows Item Description Index Indicate the relative number for the particular entry that you want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network service Aux WAN IP Display the IP alias setting used by such index If no IP alias setti...

Page 186: ...application service Private IP Enter the private IP address of the local host or click Choose PC to select one Choose PC Click this button and subsequently a window having a list of private IP addresses of local hosts will automatically pop up Select the appropriate IP address of the local host in the list Protocol Specify the transport layer protocol It could be TCP UDP or none for selection Star...

Page 187: ...ton is clicked and the configuration has taken effect open port keeps the ports opened forever Once the OK button is clicked and the configuration has taken effect port triggering will only attempt to open the ports once the triggering conditions are met The duration that these ports are opened depends on the type of protocol used The default durations are shown below and these duration values can...

Page 188: ...g Protocol Display the protocol for the incoming data of such triggering profile Incoming Port Display the port for the incoming data of such triggering profile Status Display if the rule is active or de active Click the index number link to open the configuration page Available settings are explained as follows Item Description Enable Check to enable this entry Service Choose the predefined servi...

Page 189: ...triggering profile Incoming Protocol When the triggering packets received it is expected the incoming packets will use the selected protocol Select the protocol TCP UDP or TCP UDP for the incoming data of such triggering profile Incoming Port Type the port or port range for the incoming packets After finishing all the settings here please click OK to save the configuration ...

Page 190: ...ction SPI tracks packets and denies unsolicited incoming data Selectable Denial of Service DoS Distributed DoS DDoS attacks protection I IP P F Fi il lt te er rs s Depending on whether there is an existing Internet connection or in other words the WAN link status is up or down the IP filter architecture categorizes traffic into two Call Filter and Data Filter Call Filter When there is no existing ...

Page 191: ...em s resource while the vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the protocol or operation system The DoS Defense function enables the Vigor router to inspect every incoming packet based on the attack signature database Any malicious packet that might duplicate itself to paralyze the host in the secure LAN will be strictly blocked and a Syslog messa...

Page 192: ...ilter to VPN incoming packets and Accept incoming fragmented UDP packets Click Firewall and click General Setup to open the general setup page G Ge en ne er ra al l S Se et tu up p P Pa ag ge e Such page allows you to enable disable Call Filter and Data Filter determine general rule for filtering the incoming and outgoing data Available settings are explained as follows Item Description Call Filte...

Page 193: ...mission Such feature is enabled in default All the packets while transmitting through Vigor router will be filtered by firewall If the firewall system e g content filter server does not make any response pass or block for these packets then the router s firewall will block the packets directly Accept routing packet from WAN Usually IPv6 network sessions traffic from WAN to LAN will be blocked by I...

Page 194: ... that do not match with the filter rules Sessions Control The number typed here is the total sessions of the packets that do not match the filter rule configured in this page The default setting is 60000 Quality of Service Choose one of the QoS rules to be applied as firewall rule For detailed information of setting QoS please refer to the related section later APP Enforcement Select an APP Enforc...

Page 195: ... Filter for applying with this router Please set at least one profile for anti virus in CSM Web Content Filter web page first Or choose Create New from the drop down list in this page to create a new profile For troubleshooting needs you can specify to record information for Web Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for mo...

Page 196: ...x Window size It determines the size of TCP protocol 0 65535 The more the value is the better the performance will be However if the network is not stable small value will be proper Session timeout Setting timeout for sessions can make the best utilization of network resources After finishing all the settings here please click OK to save the configuration ...

Page 197: ...ule Available settings are explained as follows Item Description Filter Rule Click a button numbered 1 7 to edit the filter rule Click the button will open Edit Filter Rule web page For the detailed information refer to the following page Active Enable or disable the filter rule Comment Enter filter set comments description Maximum length is 23 character long Move Up Down Use Up or Down link to mo...

Page 198: ...on LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Schedule setup The default setting of this field is blank and the function will always work Clear sessions when schedule ON Check this box to clear the sessions when the above schedule profiles are applied Direction Set the direction of packet flow It is for Data Filter...

Page 199: ...m in this dialog In addition if you want to use the IP range from defined groups or objects please choose Group and Objects as the Address Type From the IP Group drop down list choose the one that you want to apply Or use the IP Object drop down list to choose the object that you want Service Type Click Edit to access into the following dialog to choose a suitable service type To set the service t...

Page 200: ... Data Filter only Don t care No action will be taken towards fragmented packets Unfragmented Apply the rule to unfragmented packets Fragmented Apply the rule to fragmented packets Too Short Apply the rule only to packets that are too short to contain a complete header Filter Specifies the action to be taken when packets match the rule Block Immediately Packets matching the rule will be dropped imm...

Page 201: ... with this router Please set at least one profile for choosing in CSM URL Content Filter web page first Or choose Create New from the drop down list in this page to create a new profile For troubleshooting needs you can specify to record information for URL Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed informatio...

Page 202: ...e codepage please open Syslog From Codepage Information of Setup dialog you will see the recommended codepage listed on the dialog box Window size It determines the size of TCP protocol 0 65535 The more the value is the better the performance will be However if the network is not stable small value will be proper Session timeout Setting timeout for sessions can make the best utilization of network...

Page 203: ...ansmitting through Vigor router will be filtered by firewall settings configured by Vigor router When the resource is inadequate the packets will be blocked if Strict Security Checking is enabled If Strict Security Checking is not enabled then the packets will pass through the router ...

Page 204: ...f two IP filters call filter or data filter You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner Each filter set is composed by 7 filter rules which can be further defined After that in General Setup you may specify one set for call filter and one set for data filter to execute first ...

Page 205: ...from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Timeout The goal for this is prevent the TCP SYN packets attempt to exhaust the limited resource of Vigor router By default the threshold and timeout values are set to 2000 packets per second and 10 seconds respectively That means when 2000 packets...

Page 206: ...they will be regarded as attack event Block IP options Check the box to activate the Block IP options function The Vigor router will ignore any IP packets with IP option field in the datagram header The reason for limitation is IP option appears to be a vulnerability of the security for the LAN because it will carry significant information such as security TCC closed user group parameters a series...

Page 207: ...ding overlapping packets to the target hosts so that those target hosts will hang once they re construct the packets The Vigor routers will block any packets realizing this attacking activity Block ICMP Fragment Check the box to activate the Block ICMP fragment function Any ICMP packets with more fragment bit set are dropped Block Unassigned Numbers Check the box to activate the Block Unknown Prot...

Page 208: ...Vigor2760 Series User s Guide 192 ...

Page 209: ... select that object group that can apply it For example all the IPs in the same department can be defined with an IP object a range of IP address 3 3 6 6 1 1 I IP P O Ob bj je ec ct t You can set up to 192 sets of IP Objects with different conditions Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can ...

Page 210: ... or LAN or any IP address If you choose LAN as the Interface here and choose LAN as the direction setting in Edit Filter Rule then all the IP addresses specified with LAN interface will be opened for you to choose in Edit Filter Rule page Address Type Determine the address type for the IP address Select Single Address if this object contains one IP address only Select Range Address if this object ...

Page 211: ...dress Type the end IP address if the Range Address type is selected Subnet Mask Type the subnet mask if the Subnet Address type is selected Invert Selection If it is checked all the IP addresses except the ones listed above will be applied later while it is chosen 4 After finishing all the settings here please click OK to save the configuration Below is an example of IP objects settings ...

Page 212: ...e explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows ...

Page 213: ...ace Choose WAN LAN or Any to display all the available IP objects with the specified interface Available IP Objects All the available IP objects with the specified interface chosen above will be shown in this box Selected IP Objects Click button to add the selected IP objects in this box 3 After finishing all the settings here please click OK to save the configuration ...

Page 214: ...gs are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the object profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows ...

Page 215: ...r IPv6 address Select Any Address if this object contains any IPv6 address Select Mac Address if this object contains Mac address Mac Address Type the MAC address of the network card which will be controlled Start IP Address Type the start IP address for Single Address type End IP Address Type the end IP address if the Range Address type is selected Prefix Len Type the number e g 64 for the prefix...

Page 216: ...llows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows Available settings are explained as follows ...

Page 217: ...utton to add the selected IPv6 objects in this box 3 After finishing all the settings please click OK to save the configuration 3 3 6 6 5 5 S Se er rv vi ic ce e T Ty yp pe e O Ob bj je ec ct t You can set up to 96 sets of Service Type Objects with different conditions Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile n...

Page 218: ...t column are available for TCP UDP protocol It can be ignored for other protocols The filter rule will filter out any port number when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this profile when the first and last value are the same it indicates all the ports except the port defined h...

Page 219: ... 6 S Se er rv vi ic ce e T Ty yp pe e G Gr ro ou up p This page allows you to bind several service types into one group Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile ...

Page 220: ...ings are explained as follows Item Description Name Type a name for this profile Maximum 15 characters are allowed Available Service Type Objects All the available service objects that you have added on Objects Setting Service Type Object will be shown in this box Selected Service Type Objects Click button to add the selected IP objects in this box 3 After finishing all the settings please click O...

Page 221: ...200 keyword object profiles for choosing as black white list in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the object profile ...

Page 222: ... are explained as follows Item Description Name Type a name for this profile e g game Maximum 15 characters are allowed Contents Type the content for such profile For example type gambling as Contents When you browse the webpage the page with gambling information will be watched out and be passed blocked based on the configuration on Firewall settings 3 After finishing all the settings please clic...

Page 223: ...in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be ...

Page 224: ...he selected Keyword objects in this box 3 After finishing all the settings please click OK to save the configuration 3 3 6 6 9 9 F Fi il le e E Ex xt te en ns si io on n O Ob bj je ec ct t This page allows you to set eight profiles which will be applied in CSM URL Content Filter All the files with the extension names specified in these profiles will be processed according to the chosen action Avai...

Page 225: ...ls 2 The configuration page will be shown as follows Available settings are explained as follows Item Description Profile Name Type a name for this profile The maximum length of the name you can set is 7 characters 3 Type a name for such profile and check all the items of file extension that will be processed in the router Finally click OK to save this profile ...

Page 226: ... Each item is explained as follows Item Description Set to Factory Default Clear all of the settings and return to factory default settings Index Display the profile number that you can configure Profile Display the name for such SMS profile SMS Provider Display the service provider which offers SMS service To set a new profile please do the steps listed below 1 Click the SMS Provider tab and clic...

Page 227: ...n use to register to selected SMS provider The maximum length of the name you can set is 31 characters Password Type a password that the sender can use to register to selected SMS provider The maximum length of the password you can set is 31 characters Quota Type the number of the credit that you purchase from the service provider chosen above Note that one credit equals to one SMS text message on...

Page 228: ...to make customized SMS service The profile name for Index 9 and Index 10 are fixed You can click the number e g 9 under Index column for configuration in details Available settings are explained as follows Item Description Profile Name Display the name of this profile It cannot be modified Service Provider Type the website of the service provider Type the URL string in the box under the filed of S...

Page 229: ...he router will send out Sending Interval Type the shortest time interval for the system to send SMS After finishing all the settings here please click OK to save the configuration M Ma ai il l S Se er rv vi ic ce e O Ob bj je ec ct t This page allows you to set ten profiles which will be applied in Application SMS Mail Alert Service Each item is explained as follows Item Description Set to Factory...

Page 230: ...e mail server The maximum length of the name you can set is 63 characters SMTP Port Type the port number for SMTP server Sender Address Type the e mail address of the sender Use SSL Check this box to use port 465 for SMTP server for some e mail server uses https as the transmission method Authentication The mail server must be authenticated with the correct username and password to have the right ...

Page 231: ...3 3 6 6 1 11 1 N No ot ti if fi ic ca at ti io on n O Ob bj je ec ct t This page allows you to set ten profiles which will be applied in Application SMS Mail Alert Service You can set an object with different monitoring situation To set a new profile please do the steps listed below 1 Open Object Setting Notification Object and click the number e g 1 under Index column for configuration in details...

Page 232: ...tion Profile Name Type a name for such notification profile The maximum length of the name you can set is 15 characters Category Display the types that will be monitored Status Display the status for the category You can check the box you want to be monitored 3 After finishing all the settings here please click OK to save the configuration ...

Page 233: ...g Because it checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed file...

Page 234: ...ied in Default Rule of Firewall General Setup for filtering Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Profile Display the number of the profile which allows you to click to set different policy Name Display the name of the APP Enforcement Profile Click the number under Index column for settings in detail There are four tabs IM P2P Protoc...

Page 235: ...for the CSM profile The maximum length of the name you can set is 15 characters Select All Click it to choose all of the items in this page Clear All Uncheck all the selected boxes The profiles configured here can be applied in the Firewall General Setup and Firewall Filter Setup pages as the standard for the host s to follow Below shows the items which are categorized under IM ...

Page 236: ...Vigor2760 Series User s Guide 220 The items categorized under P2P The items categorized under OTHERS ...

Page 237: ...er performing the APPE signature automatically Available settings are explained as follows Item Description Upgrade Setting APPE Module Version Display current version status of APPE signature New version from the Internet Download button is available only when Vigor router detects new APPE version After clicking it a dialog will appear with information added to such new version Click OK to exit t...

Page 238: ...an also provide a job related only environment hence to increase the employee work efficiency How can URL Content Filter work better than traditional firewall in the field of filtering Because it checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can preven...

Page 239: ...URL Content Filter Profile Administration Message You can type the message manually for your necessity Default Message You can type the message manually for your necessity or click this button to get the default message which will be displayed on the field of Administration Message You can set eight profiles as URL content filter Simply click the index number under Profile to open the following we...

Page 240: ... function can determine the priority for the actions executed For this one the router will process the packages with the conditions set below for URL first then Web feature second Either Web Feature First When all the packages matching with the conditions specified in URL Access Control and Web Feature below such function can determine the priority for the actions executed For this one the router ...

Page 241: ...be processed with reverse action Exception List Specify the object profile s as the exception list which will be processed in an opposite manner to the action selected above Group Object Selections The Vigor router provides several frames for users to define keywords and each frame supports multiple keywords The keyword could be a noun a partial noun or a complete URL string Multiple keywords with...

Page 242: ...r router using Service Activation Wizard by means of CSM Web Content Filter Profile or via System Maintenance Activation Service Activation Wizard allows you to use trial version or update the license of WCF directly without accessing into the server MyVigor located on http myvigor draytek com However if you use the Web Content Filter Profile page to activate WCF feature it is necessary for you to...

Page 243: ...s Item Description Activate Click it to access into MyVigor for activating WCF service Setup Query Server It is recommended for you to use the default setting auto selected You need to specify a server for categorize searching when you type URL in browser based on the web content filter profile Setup Test Server It is recommended for you to use the default setting auto selected Find more Click it ...

Page 244: ...ized for a short time about 1 second in the router When the user tries to access the same destination ID the router will check it by comparing the record stored If it matches the page will be retrieved quickly Such item can provide URL matching with the fastest rate L1 L2 Cache the router will check the URL with fast processing rate combining the feature of L1 and L2 Eight profiles are provided he...

Page 245: ...ing into the corresponding webpage with the characters listed on Group Object Selections If the web pages do not match with the specified feature set here they will be processed with the categories listed on the box below Action Pass allow accessing into the corresponding webpage with the categories listed on the box below Block restrict accessing into the corresponding webpage with the categories...

Page 246: ...filter the packets therefore WCF license must be activated first Otherwise DNS filter does not have any effect on packets Available settings are explained as follows Item Description DNS Filter Profile Table It displays a list of different DNS filter profiles with specified WCF and UCF Click the profile link to open the following page Then type the name of the profile and specify WCF UCF based on ...

Page 247: ...ck Page If such function is enabled when DNS packets are blocked by DNS filter a web page containing the description listed on Administration Message will be shown on the screen Administration Message Type the words or sentences which will be displayed when a web page is blocked by Vigor router You can type the message manually for your necessity or click Default Message button to get the default ...

Page 248: ... applications e g BitTorrent always need many sessions for procession and also they will occupy over resources which might result in important accesses impacted To solve the problem you can use limit session to limit the session procession for specified Hosts In the Bandwidth Management menu click Sessions Limit to open the web page To activate the function of limit session simply click Enable and...

Page 249: ...ault session limit for the specific limitation you set for each index Add Adds the specific session limitation onto the list above Edit Allows you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Administration Message Type the words which will be displayed when reaches the maximum number of Internet sessions permitted Default Mes...

Page 250: ...page To activate the function of limit bandwidth simply click Enable and set the default upstream and downstream limit Available settings are explained as follows Item Description Bandwidth Limit Enable Click this button to activate the function of limit bandwidth IP Routed Subnet Check this box to apply the bandwidth limit to the second subnet specified in LAN General Setup Disable Click this but...

Page 251: ...he speed of the downstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index Add Add the specific speed limitation onto the list above Edit Allow you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Smart Bandwidth Limit Check this box to have the ban...

Page 252: ... to queues and associated service types The basic QoS implementation in Vigor routers is to classify and schedule packets based on the service type information in the IP header For instance to ensure the connection with the headquarter a teleworker may enforce an index of QoS Control to reserve bandwidth for HTTPS connection while using lots of application at the same time One more larger scale im...

Page 253: ...lable for such function or not Bandwidth Display the inbound and outbound bandwidth setting for the WAN interface Direction Display which direction that such function will influence Class 1 Class2 Class 3 Others Display the bandwidth percentage for each class UDP Bandwidth Control Display the UDP bandwidth control is enabled or not Online Statistics Display an online statistics for quality of serv...

Page 254: ... Service Type for the Class Rule for your request O On nl li in ne e S St ta at ti is st ti ic cs s Display an online statistics for quality of service for your reference This feature is available only when the Quality of Service for WAN interface is enabled G Ge en ne er ra al l S Se et tu up p f fo or r W WA AN N I In nt te er rf fa ac ce e When you click Setup you can configure the bandwidth ra...

Page 255: ...AN2 WAN3 For example if your ADSL supports 1M of downstream and 256K upstream please set 1000kbps for this box The default value is 10000kbps WAN Outbound Bandwidth It allows you to set the connecting rate of data output for WAN2 WAN3 For example if your ADSL supports 1M of downstream and 256K upstream please set 256kbps for this box The default value is 10000kbps Reserved Bandwidth Ratio It is re...

Page 256: ...bound must be smaller than the real bandwidth to ensure correct calculation of QoS It is suggested to set the bandwidth value for inbound outbound as 80 85 of physical network speed provided by ISP to maximize the QoS performance E Ed di it t t th he e C Cl la as ss s R Ru ul le e f fo or r Q Qo oS S 1 The first three Class 1 to Class 3 class rules can be adjusted for your necessity To add edit or...

Page 257: ...dress For Single Address you have to fill in Start IP address For Range Address you have to fill in Start IP address and End IP address For Subnet Address you have to fill in Start IP address and Subnet Mask DiffServ CodePoint All the packets of data will be divided with different levels and will be processed according to the level type by the system Please assign one of the levels of the data for...

Page 258: ...xisted rule please select the radio button of that one and click Edit to open the rule edit page for modification E Ed di it t t th he e S Se er rv vi ic ce e T Ty yp pe e f fo or r C Cl la as ss s R Ru ul le e 1 To add a new service type edit or delete an existed service type please click the Edit link under Service Type field 2 After you click the Edit link you will see the following page ...

Page 259: ... service Port Configuration Type Click Single or Range as the Type If you select Range you have to type in the starting port number and the end porting number on the boxes below Port Number Type in the starting port number and the end porting number here if you choose Range as the type 5 After finishing all the settings here please click OK to save the configuration By the way you can set up to 10...

Page 260: ... packets sent out through WAN interface all of them will be tagged with certain header and that will be easily to be identified by server on ISP For example in the following illustration the VoIP packets in LAN go into Vigor router without any header However when they go forward to the Server on ISP through Vigor router all of the packets are tagged with AF configured in Bandwidth QoS Class automa...

Page 261: ...Outbond bandwidth and bandwidth ratio Vigor router can perform the bandwidth management for the protocols streaming remote control web HD and so on Click Bandwidth Management APP QoS to open the following page Available settings are explained as follows Item Description Enable Disable Click Enable to activate APP QoS function Click Disable to deactivate APP QoS function Traceable The protocol list...

Page 262: ... Choose one of the actions from the drop down list It is prepared for applying to all protocols Apply Click it to make the selected action be applied all of the selected protocols immediately Action There are many protocols which can be specified with different QoS Class After finishing all the settings here please click OK to save the configuration ...

Page 263: ...al virtual servers from the Internet It is particularly helpful if you host a web server FTP server or other server behind the router Before you use the Dynamic DNS feature you have to apply for free DDNS service to the DDNS service providers The router provides up to three accounts from three different DDNS service providers Basically Vigor routers are compatible with the DDNS services supplied b...

Page 264: ...if this account is active or inactive 3 Select Index number 1 to add an account for the router Check Enable Dynamic DNS Account and choose correct Service Provider dyndns org type the registered hostname hostname and domain name suffix dyndns org in the Domain Name block The following two blocks should be typed your account Login Name test and Password test Available settings are explained as foll...

Page 265: ...ch function to locate the real WAN IP When the WAN IP used by Vigor router is private IP this function can detect the public IP used by the NAT router and use the detected IP address for DDNS update There are two methods offered for you to choose WAN IP If it is selected and the WAN IP of Vigor router is private DDNS update will take place right away Internet IP If it is selected and the WAN IP of...

Page 266: ... another DNS server in LAN With such feature the user can configure some services such as ftp www or database with domain name which is easy to be accessed Simply click Application LAN DNS to open the following page Each item is explained as follows Item Description Set to Factory Default Clear all profiles and recover to factory settings Enable Check the box to enable the selected profile ...

Page 267: ...ex 1 are shown below Available settings are explained as follows Item Description Enable Check this box to enable such profile Profile Type a name for such profile Note If you type a name here for LAN DNS and click OK to save the configuration the name also will be applied to conditional DNS forwarding automatically Domain Name Type the domain name for such profile IP Address List The IP address l...

Page 268: ...S profile just created Or you can click index 2 to use this profile as conditional DNS forwarding Available settings are explained as follows Item Description Enable Check this box to enable such profile Profile Type a name for such profile Note If you type a name here for conditional DNS forwarding and click OK to save the configuration the name also will be applied to LAN DNS automatically Domai...

Page 269: ...lock to current time of your PC The clock will reset once if you power down or reset the router There is another way to set up time You can inquiry an NTP server a time server on the Internet to synchronize the router s clock This method can only be applied when the WAN connection has been built up Available settings are explained as follows Item Description Set to Factory Default Clear all profil...

Page 270: ...always on Force Down Force the connection to be always down Enable Dial On Demand Specify the connection to be dial on demand and the value of idle timeout should be specified in Idle Timeout field Disable Dial On Demand Specify the connection to be up when it has traffic on the line Once there is no traffic over idle timeout the connection will be down and never up again during the schedule Idle ...

Page 271: ... 9 00 am to 6 00 pm 1 Make sure the PPPoE connection and Time Setup is working properly 2 Configure the PPPoE always on from 9 00 to 18 00 for whole week 3 Configure the Force Down from 18 00 to next day 9 00 for whole week 4 Assign these two profiles to the PPPoE Internet access profile Now the PPPoE Internet connection will follow the schedule order to perform Force On or Force Down action accor...

Page 272: ...ation It enables centralized remote access authentication for network management Available settings are explained as follows Item Description Enable Check to enable RADIUS client feature Server IP Address Enter the IP address of RADIUS server Destination Port The UDP port number that the RADIUS server is using The default value is 1812 based on RFC 2138 Shared Secret The RADIUS server and client s...

Page 273: ...nquire and modify the information within the directory and acquire the data in the directory securely therefore users can apply LDAP to search or list the directory object inquire or manage the active directory 3 3 9 9 5 5 1 1 G Ge en ne er ra al l S Se et tu up p This page allows you to enable the function and specify general settings for LDAP server Available settings are explained as follows It...

Page 274: ...e port number specified for SSL Regular DN Type this setting if Regular Mode is selected as Bind Type Regular Password Specify a password if Regular Mode is selected as Bind Type After finished the above settings click OK button to save the settings 3 3 9 9 5 5 2 2 P Pr ro of fi il le es s You can configure eight AD LDAP profiles These profiles would be used with User Management for different purp...

Page 275: ...tup After finished the above settings click OK to save and exit this page A new profile has been created 3 3 9 9 6 6 U UP Pn nP P The UPnP Universal Plug and Play protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows Plug and Play system For NAT routers the ma...

Page 276: ...accessing ability of some network ports Security Considerations Activating the UPnP function on your network may incur some security threats You should consider carefully these risks before activating the UPnP function Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches Non privileged users can ...

Page 277: ...addition such function is available in NAT mode Enable Snooping Check this box to enable this function Multicast traffic will be forwarded to ports that have members of that group Disabling IGMP snooping will make multicast traffic treated in the same manner as broadcast traffic Refresh Click this link to renew the working multicast group status Group ID This field displays the ID port for the mul...

Page 278: ...able settings are explained as follows Item Description Wake by Two types provide for you to wake up the bound IP If you choose Wake by MAC Address you have to type the correct MAC address of the host in MAC Address boxes If you choose Wake by IP Address you have to choose the correct IP address IP Address The IP addresses that have been configured in Firewall Bind IP to MAC will be shown in this ...

Page 279: ... what the content is and when the SMS will be sent Available settings are explained as follows Item Description Index Check the box to enable such profile SMS Provider Use the drop down list to choose SMS service provider You can click SMS Provider link to define the SMS server Recipient Type the name of the one who will receive the SMS Notify Use the drop down list to choose a message profile The...

Page 280: ...e provider You can click Mail Service link to define the mail server Recipient Type the e mail address of the one who will receive the notification message Notify Use the drop down list to choose a message profile The recipient will get the content stated in the message profile You can click the Notify Profile link to define the content of the mail message Schedule Type the schedule number that th...

Page 281: ...n e g IP setting If the host and user s computer have the plug in bonjour driver install they can utilize the service offered by the router by clicking the router name icon In short what the Clients users need to know is the name of the router only To enable the Bonjour service click Application Bonjour to open the following page Check the box es of the server service s that you want to share to t...

Page 282: ...ur and DNSSD have been installed you can open the web page DNSSD and see the following results 3 Open System Maintenance Management Type a name e g Dray_2925 as the Router Name and click OK 4 Next open Applications Bonjour Check the service that you want to use via Bonjour ...

Page 283: ...le items will be changed as the follows It means the Vigor router based on Bonjour protocol is ready to be used as a printer server FTP server SSH Server Telnet Server and HTTP Server 6 Now any page or document can be printed out through Vigor router installed with a printer ...

Page 284: ...ic network in a manner that emulates the properties of a point to point private link Below shows the menu items for VPN and Remote Access 3 3 1 10 0 1 1 R Re em mo ot te e A Ac cc ce es ss s C Co on nt tr ro ol l Enable the necessary VPN service as you need If you intend to run a VPN server inside your LAN you should disable the VPN service of Vigor Router to allow VPN tunnel pass through as well ...

Page 285: ...presents that the MPPE encryption method will be optionally employed in the router for the remote dial in user If the remote dial in user does not support the MPPE encryption algorithm the router will transmit no MPPE encrypted packets Otherwise the MPPE encryption scheme will be used to encrypt the data Require MPPE 40 128bits Selecting this option will force the router to encrypt packets by usin...

Page 286: ...adius or LDAP Authentication If PPP connection will be authenticated via RADIUS server or LDAP profiles it is necessary to specify the LAN profile for the dial in user to get IP from After finishing all the settings here please click OK to save the configuration 3 3 1 10 0 3 3 I IP Ps se ec c G Ge en ne er ra al l S Se et tu up p In IPsec General Setup there are two major parts of configuration Th...

Page 287: ...d This usually applies to those are remote dial in user or node LAN to LAN which uses dynamic IP address and IPsec related VPN c There are two methods offered by Vigor router for you to authenticate the incoming data coming from remote dial in user Certificate X 509 and Pre Shared Key Certificate for Dial in Choose one of the local certificates from the drop down list Pre Shared Key Specify a key ...

Page 288: ...he router provides 32 entries of digital certificates for peer dial in users Available settings are explained as follows Item Description Set to Factory Default Click it to clear all indexes Index Click the number below Index to access into the setting page of IPsec Peer Identity Name Display the profile name of that index Click each index to edit one peer digital certificate There are three secur...

Page 289: ...ick to check one specific field of digital signature to accept the peer with matching value The field can be IP Address Domain or E mail Address The box under the Type will appear according to the type you select and ask you to fill in corresponding setting Accept Subject Name Click to check the specific fields of digital signature to accept the peer with matching value The field includes Country ...

Page 290: ...ows the summary table Available settings are explained as follows Item Description Set to Factory Default Click to clear all indexes Index Click the number below Index to access into the setting page of Remote Dial in User User Display the username for the specific dial in user of the LAN to LAN profile The symbol represents that the profile is empty Active Check the box to activate such profile S...

Page 291: ...set the User Name and Password of remote dial in user below IPsec Tunnel Allow the remote dial in user to make an IPsec VPN connection through Internet L2TP with IPsec Policy Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPsec Select from below None Do not apply the IPsec policy Accordingly the VPN connection employed the ...

Page 292: ...ect PPTP or L2TP with or without IPsec policy above The length of the name is limited to 23 characters Password This field is applicable when you select PPTP or L2TP with or without IPsec policy above The length of the password is limited to 19 characters Enable Mobile One Time Passwords mOTP Check this box to make the authentication with mOTP function PIN Code Type the code for authentication e g...

Page 293: ...d AES Local ID Optional Specify a local ID to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can be used only in IKE aggressive mode After finishing all the settings here please click OK to save the configuration 3 3 1 10 0 6 6 L LA AN N t to o L LA AN N Here you can manage LAN to LAN connections by maintaining a table of connection profiles You may set param...

Page 294: ...ual profiles The symbol V and X represent the profile to be active and inactive respectively To edit each profile 1 Click each index to edit each profile and you will get the following page Each LAN to LAN profile includes 4 subgroups If the fields gray out it means you may leave it untouched The following explanations will guide you to fill all the necessary fields For the web page is too long we...

Page 295: ...ailed the router will use WAN2 for VPN connection WAN2 Only Only establish VPN if WAN1 down If WAN1 failed the router will use WAN2 for VPN connection Netbios Naming Packet Pass click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting suc...

Page 296: ...onnection to the server through the Internet You should set the identity like User Name and Password below for the authentication of remote server IPsec Tunnel Build an IPsec VPN connection to the server through Internet L2TP with IPsec Policy Build a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPsec Select from below None Do not apply the IPsec policy Accordi...

Page 297: ...s a must for IPsec Tunnels and L2TP with IPsec Policy Medium AH Authentication Header means data will be authenticated but not be encrypted By default this option is active High ESP Encapsulating Security Payload means payload data will be encrypted and authenticated Select from below DES without Authentication Use DES encryption algorithm and not apply any authentication scheme DES with Authentic...

Page 298: ...ions are available for both modes We suggest you select the combination that covers the most algorithms IKE phase 1 key lifetime For security reason the lifetime of key should be defined The default value is 28800 seconds You may specify a value in between 900 and 86400 seconds IKE phase 2 key lifetime For security reason the lifetime of key should be defined The default value is 3600 seconds You ...

Page 299: ...th IPsec Policy Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPsec Select from below None Do not apply the IPsec policy Accordingly the VPN connection employed the L2TP without IPsec policy can be viewed as one pure L2TP connection Nice to Have Apply the IPsec policy first if it is applicable during negotiation Otherwise ...

Page 300: ...when you select IPsec tunnel either with or without specify the IP address of the remote node Pre Shared Key Check the box of Pre Shared Key to invoke this function and type in the required characters 1 63 as the pre shared key Digital Signature X 509 Check the box of Digital Signature to invoke this function and select one predefined Profiles set in the VPN and Remote Access IPsec Peer Identity L...

Page 301: ...dd a static route to direct all traffic destined to this Remote Network IP Address Remote Network Mask through the VPN connection For IPsec this is the destination clients IDs of phase 2 quick mode Local Network IP Local Network Mask Display the local network IP and mask for TCP IP configuration You can modify the settings if required More Add a static route to direct all traffic destined to more ...

Page 302: ...ork Mask Add a static route to direct all traffic destined to this Remote Network IP Address Remote Network Mask through the VPN connection For IPSec this is the destination clients IDs of phase 2 quick mode Translated Local Network This function is enabled in default Use the drop down list to specify a LAN port as the transferred direction Then specify an IP address Click Advanced to configure de...

Page 303: ...n find the summary table of all VPN connections You may disconnect any VPN connection by clicking Drop button You may also aggressively Dial out by using Dial out Tool and clicking Dial button Available settings are explained as follows Item Description Dial out Tool Dial Click this button to execute dial out function Refresh Seconds Choose the time for refresh the dial information among 5 10 and ...

Page 304: ... issued by those trusted CA servers Here you can manage generate and manage the local digital certificates and set trusted CA certificates Remember to adjust the time of Vigor router before using the certificate so that you can get the correct valid period of certificate Below shows the menu items for Certificate Management 3 3 1 11 1 1 1 L Lo oc ca al l C Ce er rt ti if fi ic ca at te e Available...

Page 305: ...t name Then click GENERATE again Please be noted that Common Name must be configured with router s WAN IP or domain name After clicking GENERATE the generated information will be displayed on the window below I IM MP PO OR RT T Vigor router allows you to generate a certificate request and submit it the CA server then import it as Local Certificate If you have already gotten a certificate from a th...

Page 306: ...e which is generated by Vigor router and signed by CA server If you have done well in certificate generation the Status of the certificate will be shown as OK Upload PKCS12 Certificate It allows users to import the certificate whose extensions are usually pfx or p12 And these certificates usually need passwords Note that PKCS12 is a standard for storing private keys and certificates securely It is...

Page 307: ... trusted root certificate authority Root CA will be used to authenticate the digital certificates offered by both ends However the procedure of applying digital certificate from a trusted root certificate authority is complicated and time consuming Therefore Vigor router offers a mechanism which allows you to generate root CA to save time and provide convenience for general user Later such root CA...

Page 308: ... the following window Use Browse to find out the saved text file Then click Import The one you imported will be listed on the Trusted CA Certificate window For viewing each trusted CA certificate click View to open the certificate detail information window If you want to delete a CA certificate choose the one and click Delete to remove all the certificate information ...

Page 309: ...rtificate for this router can be saved within one file Please click Backup on the following screen to save them If you want to set encryption password for these certificates please type characters in both fields of Encrypt password and Retype password Also you can use Restore to retrieve these two settings to the router whenever you want ...

Page 310: ...lowing them This is very similar to a URL so some may call it SIP URL SIP supports peer to peer direct calling and also calling via a SIP proxy server a role similar to the gatekeeper in H 323 networks while the MGCP protocol uses client server architecture the calling scenario being very similar to the current PSTN network After a call is setup the voice streams transmit via RTP Real Time Transpo...

Page 311: ...ling you have to know your friend s IP Address The Vigor VoIP Routers will build connection between each other Our Vigor V models firstly apply efficient codecs designed to make the best use of available bandwidth but Vigor V models also equip with automatic QoS assurance QoS Assurance assists to assign high priority to voice traffic via Internet You will always have the required inbound and outbo...

Page 312: ...age appears for you to configure secure phone IP call and set NAT Traversal Setting RTP for the VoIP function Available settings are explained as follows Item Description NAT Traversal Setting STUN Server Type in the IP address or domain of the STUN server External IP Type in the gateway IP address SIP PING interval The default value is 150 sec It is useful for a Nortel server NAT Traversal Suppor...

Page 313: ...RTP Port Start Specifies the start port for RTP stream The default value is 10050 Dynamic RTP Port End Specifies the end port for RTP stream The default value is 15000 RTP TOS It decides the level of VoIP package Use the drop down list to choose any one of them IP Call Enable IP Call It allows that a user could dial outgoing IP Calls and Vigor router could receive the incoming IP Calls ...

Page 314: ...tion items for Ring Port will differ according to the router you have Available settings are explained as follows Item Description Index Click this link to access into next page for setting SIP account Profile Display the profile name of the account Domain Realm Display the domain name or IP address of the SIP registrar server Proxy Display the domain name or IP address of the SIP proxy server Acc...

Page 315: ...lows user to use VoIP function without registering For such server please check the box of Call without Registration Choosing Auto is recommended The system will select a proper way for your VoIP call SIP Port Set the port number for sending receiving SIP message for building a session The default value is 5060 Your peer must set the same value in his her Registrar Domain Realm Set the domain name...

Page 316: ... Support If the router e g broadband router you use connects to internet by other device you have to set this function for your necessity None Disable this function Stun Choose this option if there is Stun server provided for your router Manual Choose this option if you want to specify an external IP address as the NAT transversal support Nortel If the soft switch that you use supports Nortel solu...

Page 317: ...your upstream speed is only 64Kbps do not use G 711 codec It is better for you to have at least 256Kbps upstream if you would like to use G 711 Single Codec If the box is checked only the selected Codec will be applied Packet Size The amount of data contained in a single packet The default value is 20 ms which means the data packet will contain 20 ms voice information Voice Active Detector This fu...

Page 318: ...ngs P Ph ho on ne e B Bo oo ok k In this section you can set your VoIP contacts in the phonebook It can help you to make calls quickly and easily by using speed dial Phone Number There are total 60 index entries in the phonebook for you to store all your friends and family members SIP addresses Loop through and Backup Phone Number will be displayed if you are using Vigor router for setting the pho...

Page 319: ...the successful connection can be assured Loop through Choose PSTN to enable loop through function Backup Phone Number When the VoIP phone is obstructs or the Internet breaks down for some reasons the backup phone will be dialed out to replace the VoIP phone number At this time the phone call will be changed from VoIP phone into PSTN call according to the loop through direction chosen Note that dur...

Page 320: ... replace Mode None No action Add When you choose this mode the OP number will be added with the prefix number for calling out through the specific VoIP interface Strip When you choose this mode the OP number will be deleted by the prefix number for calling out through the specific VoIP interface Take the above picture Prefix Table Setup web page as an example the OP number of 886 will be deleted c...

Page 321: ...b page as an example if the dial number is between 7 and 9 that number can apply the prefix number settings here Max Len Set the maximum length of the dial number for applying the prefix number settings Route Choose the one that you want to enable the prefix number settings from the saved SIP accounts Please set up one SIP account first to make this interface available This item will be changed ac...

Page 322: ...r2760 Series User s Guide 306 C Ca al ll l B Ba ar rr ri in ng g Call barring is used to block phone calls coming from the one that is not welcomed Click any index number to display the dial plan setup page ...

Page 323: ...ed schedules Refer to section Applications Schedule for detailed configuration Additionally you can set advanced settings for call barring such as Block Anonymous Block Unknown Domain or Block IP Address Simply click the relational links to open the web page For Block Anonymous this function can block the incoming calls without caller ID on the interface Phone port specified in the following windo...

Page 324: ...l Return In You have finished an incoming phone call however you want to call back again for some reason Please dial number typed in this field to call back to that one Last Call Return Out Dial the number typed in this field to call the previous outgoing phone call again Call Forward All Act Dial the number typed in this field to forward all the incoming calls to the specified place Call Forward ...

Page 325: ...field to release this function Block Anonymous Act Dial the number typed in this field to block all the incoming calls with unknown ID Block Anonymous Deact Dial the number typed in this field to release this function Block Unknown Domain Act Dial the number typed in this field to block all the incoming calls from unknown domain Block Unknown Domain Deact Dial the number typed in this field to rel...

Page 326: ...through PSTN line only To solve this problem this page allows you to set five sets of PSTN number for dialing without passing through Internet Check the Enable box to make the PSTN number available for dial whenever you need and type the number in the field of phone number for PSTN relay After finishing all the settings here please click OK to save the configuration ...

Page 327: ...STN phones Call Feature A brief description for call feature will be shown in this field for your reference Tone Display the tone settings that configured in the advanced settings page of Phone Index Gain Display the volume gain settings for Mic Speaker that configured in the advanced settings page of Phone Index Default SIP Account draytel_1 is the default SIP account You can click the number bel...

Page 328: ... function Error Correction Mode choose a mode for error correction DND Do Not Disturb mode Set a period of peace time without disturbing by VoIP phone call During the period the one who dial in will listen busy tone yet the local user will not listen any ring tone Index 1 15 in Schedule Enter the index of schedule profiles to control when the phone will ring and when will not according to the prec...

Page 329: ...ings volume gain MISC and DTMF mode Advanced setting is provided for fitting the telecommunication custom for the local area of the router installed Wrong tone settings might cause inconvenience for users To set the sound pattern of the phone set simply choose a proper region to let the system find out the preset tone settings and caller ID type automatically Or you can adjust tone settings manual...

Page 330: ...e volume is MISC Dial Tone Power Level This setting is used to adjust the loudness of the dial tone The smaller the number is the louder the dial tone is It is recommended for you to use the default setting Call Waiting Tone Power Level This setting is used to adjust the loudness of the call waiting tone The smaller the number is the louder the tone is It is recommended for you to use the default ...

Page 331: ...fault value was 101 This setting is available for the OutBand RFC2833 mode Replace digit in caller ID to For international phone call the phone number could add a sign for example 8865972727 However the caller ID DTMF type especially can not display at all Therefore this function can be enabled to give another number to replace the plus sign for example can be replaced by 00 Then the above phone n...

Page 332: ... that the VoIP connection is launched Codec Indicates the voice codec employed by present channel PeerID The present in call or out call peer ID the format may be IP or Domain Elapse hh mm ss The format is represented as hours minutes seconds Tx Pkts Total number of transmitted voice packets during this connection session Rx Pkts Total number of received voice packets during this connection sessio...

Page 333: ...s are equipped with a wireless LAN interface compliant with the standard IEEE 802 11n draft 2 protocol To boost its performance further the Vigor Router is also loaded with advanced wireless technology to lift up data rate up to 300 Mbps Hence you can finally smoothly enjoy stream music and video Note The actual data throughput will vary according to the network conditions and environmental factor...

Page 334: ...encryption while WPA2 applies AES The WPA Enterprise combines not only encryption but also authentication Since WEP has been proved vulnerable you may consider using WPA for the most secure connection You should select the appropriate security mechanism according to your needs No matter which security suite you select they all will enhance the over the air data protection and or privacy on your wi...

Page 335: ...escription Enable Wireless LAN Check the box to enable wireless function Mode At present the router can connect to 11b Only 11g Only 11n Only 2 4 GHz Mixed 11b 11g Mixed 11g 11n and Mixed 11b 11g 11n stations simultaneously Simply choose Mixed 11b 11g 11n mode Channel Means the channel of frequency of the wireless LAN The default channel is 6 You may switch channel if the selected channel is under...

Page 336: ...N to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Schedule setup The default setting of this field is blank and the function will always work After finishing all the settings here please click OK to save the configuration 3 3 1 13 3 3 3 S Se ec cu ur ri it ty y This page allows you to set security with different modes for S...

Page 337: ...d Disable Turn off the encryption mechanism WEP Accepts only WEP clients and the encryption key should be entered in WEP Key WEP 802 1x Only Accepts only WEP clients and the encryption key is obtained dynamically from RADIUS server with 802 1X protocol WPA 802 1x Only Accepts only WPA clients and the encryption key is obtained dynamically from RADIUS server with 802 1X protocol WPA2 802 1x Only Ac...

Page 338: ...ed via 802 1x authentication Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by 0x such as 0x321253abcde Type Select from Mixed WPA WPA2 or WPA2 only Pre Shared Key PSK Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by 0x such as 0x321253abcde WEP 64 Bit For 64 bits WEP key either 5 ASCII characters such as 12345 or 10 hexadecimal di...

Page 339: ...Address Filter Select to enable the MAC Address filter for wireless LAN identified with SSID 1 to 4 respectively All the clients expressed by MAC addresses listed in the box can be grouped under different wireless LAN For example they can be grouped under SSID 1 and SSID 2 at the same time if you check SSID 1 and SSID 2 MAC Address Filter Display all MAC addresses that are edited before Client s M...

Page 340: ...tation and wireless access point vigor router with the encryption of WPA and WPA2 Note Such function is available for the wireless station with WPS supported It is the simplest way to build connection between wireless network clients and vigor router Users do not need to select any encryption mode and type any long encryption passphrase to setup a wireless client every time He she only needs to pr...

Page 341: ...art PBC button of network card If you want to use PIN code you have to know the PIN code specified in wireless client Then provide the PIN code of the wireless client you wish to connect to the vigor router For WPS is supported in WPA PSK or WPA2 PSK mode if you do not choose such mode in Wireless LAN Security you will see the following message box Please click OK and go back Wireless LAN Security...

Page 342: ...ode of the router Only WPA2 PSK and WPA PSK support WPS Configure via Push Button Click Start PBC to invoke Push Button style WPS setup procedure The router will wait for WPS requests from wireless clients about two minutes The WPS LED on the router will blink fast when WPS is in progress It will return to normal condition after two minutes You need to setup WPS within two minutes Configure via Cl...

Page 343: ...ridge interface The application for the WDS Repeater mode is depicted as below The major difference between these two modes is that while in Repeater mode the packets received from one peer AP can be repeated to another peer AP through WDS links Yet in Bridge mode packets received from a WDS link will only be forwarded to local wired or wireless hosts In other words only Repeater mode can do WDS t...

Page 344: ...k WDS from Wireless LAN menu The following page will be shown Available settings are explained as follows Item Description Mode Choose the mode for WDS setting Disable mode will not invoke any WDS setting Bridge mode is designed to fulfill ...

Page 345: ...u choose Bridge as the connecting mode please type in the peer MAC address in these fields Four peer MAC addresses are allowed to be entered in this page at one time Yet please disable the unused link to get better performance If you want to invoke the peer MAC address remember to check Enable box in the front of the MAC address after typing Repeater If you choose Repeater as the connecting mode p...

Page 346: ...anism to avoid the conflict with neighboring devices of 802 11a b g Channel Bandwidth 20 the router will use 20Mhz for data transmission and receiving between the AP and the stations 20 40 the router will use 20Mhz or 40Mhz for data transmission and receiving according to the station capability Such channel can increase the performance for data transit 40 the router will use 40Mhz for data transmi...

Page 347: ...se and install it into your PC for matching with Packet OVERDRIVE refer to the following picture of Vigor N61 wireless utility window choose Enable for TxBURST on the tab of Option Note means the real transmission rate depends on the environment of the network TX Power Set the power percentage for transmission signal of access point The greater the value is the higher intensity of the signal will ...

Page 348: ...ew algorithm is better than old Fragment Length 256 2346 Set the Fragment threshold Do not modify default value if you don t know what it is default value is 2346 RTS Threshold 1 2347 Minimize the collision unit is bytes between hidden stations to improve wireless performance Set the RTS threshold Do not modify default value if you don t know what it is default value is 2347 After finishing all th...

Page 349: ...t can finish his job within one hour and will not occupy the wireless network for a long time Available settings are explained as follows Item Description SSID Display the SSID that the wireless station will use it to connect with Vigor router Enable Check the box to enable the station control function Connection Time Reconnection Time Use the drop down list to choose the duration for the wireless...

Page 350: ...30 000 kbps All the wireless stations share the bandwidth for uploading without exceeding the valued typed here Total Download Limit Default value is 30 000 kbps All the wireless stations share the bandwidth for downloading without exceeding the valued typed here Per Station Limit If you choose Per Station Limit the router will offer the bandwidth for each wireless station based on the values conf...

Page 351: ...e of the APs on the wireless LAN Yet only the AP which is in the same channel of this router can be found Please click Scan to discover all the connected APs Available settings are explained as follows Item Description Scan It is used to discover all the connected AP The results will be shown on the box above this button Statistics It displays the statistics for the channels used by APs Add to If ...

Page 352: ... with its status code There is a code summary below for explanation For convenient Access Control you can select a WLAN station and click Add to Access Control below Available settings are explained as follows Item Description Refresh Click this button to refresh the status of station list Add Click this button to add current typed MAC address into Access Control ...

Page 353: ...e settings are explained as follows Item Description Bind to WAN Choose and check WAN interface s for SSL VPN tunnel establishment Port Such port is set for SSL VPN server It will not affect the HTTPS Port configuration set in System Maintenance Management In general the default setting is 443 Server Certificate When the client does not set any certificate default certificate will be used for HTTP...

Page 354: ...he URL Active Display current status active or inactive of such profile Click number link under Index filed to set detailed configuration Available settings are explained as follows Item Description Name Type name of the profile The length of the name is limited to 15 characters URL Type the address function variation or IP address or path of the proxy server Host IP Address If you type function v...

Page 355: ...SSL if you choose such selection web proxy over SSL will be applied for VPN After finishing all the settings here please click OK to save the configuration 3 3 1 14 4 3 3 S SS SL L A Ap pp pl li ic ca at ti io on n It provides a secure and flexible solution for network resources including VNC Virtual Network Computer RDP Remote Desktop Protocol SMB to any remote user with access to Internet and a ...

Page 356: ...ugh RDP protocol SMB Application It allows you to access and control a remote PC through Samba service IP Address If you choose VNC or RDP you have to type the IP address for this protocol Port If you choose VNC or RDP you have to specify the port used for this protocol The default setting is 5900 Idle Timeout If you choose VNC you have to specify the time for disconnecting the SSL VPN tunnel Scal...

Page 357: ...e The SSL technology is the same as the encryption that you use for secure web sites such as your online bank The SSL VPN can be operated in either full tunnel mode or proxy mode Now Vigor series allows up to 10 simultaneous incoming users For SSL VPN identity authentication and power management are implemented through deploying user accounts Therefore the user account for SSL VPN must be set toge...

Page 358: ... in user to make an IPSec VPN connection through Internet L2TP with IPSec Policy Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPSec Select from below None Do not apply the IPSec policy Accordingly the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection Nice to Have Apply the IPS...

Page 359: ...ctions for such VPN profile Assign Static IP Address Please type a static IP address for the subnet you specified User Name This field is applicable when you select PPTP or L2TP with or without IPSec policy above Password This field is applicable when you select PPTP or L2TP with or without IPSec policy above Enable Mobile One Time Passwords mOTP Check this box to make the authentication with mOTP...

Page 360: ...ked You can uncheck it to disable it High Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES Local ID Specify a local ID to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can be used only in IKE aggressive mode After finishing a...

Page 361: ...d by applications such as User Management VPN and etc Each item is explained as follows Item Description Set to Factory Default Click to clear all indexes Index Display the number of the client which connecting to FTP server Name Display the name of the group profile Click any index number link to open the following page for detailed configuration Available settings are explained as follows ...

Page 362: ...PN and Remote Access Remote Dial In User The enabled profiles will be listed in the Available User Account on the left box To add a profile into a group simply choose the one from the left box and click the button It will be displayed in the Selected User Account on the right box For detailed information about configuring the profile setting refer to Objects Setting IP Group RADIUS The RADIUS serv...

Page 363: ...cess into DrayTek SSL VPN portal interface Next users can open SSL VPN Online Status to view logging status of SSL VPN Available settings are explained as follows Item Description Active User Display current user who visit SSL VPN server Host IP Display the IP address for the host Time out Display the time remaining for logging out Action You can click Drop to drop certain login user from the rout...

Page 364: ...d by Vigor router can be seen from USB Application Modem Support List For network connection via USB modem refer to WAN Internet Access and WAN General Setup for detailed information 3 3 1 15 5 1 1 U US SB B G Ge en ne er ra al l S Se et tt ti in ng gs s This page will determine the number of concurrent FTP connection default charset for FTP server At present the Vigor router can support USB stora...

Page 365: ... same as the host name The workgroup name can have as many as 15 characters and the host name can have as many as 23 characters Both them cannot contain any of the following Workgroup Name Type a name for the workgroup Host Name Type the host name for the router Printer Server Enable Click it to make Vigor router act as a printer server with USB printer attached After finishing all the settings he...

Page 366: ...d is specified for accessing into web pages of Vigor router only Also it is reserved for FTP firmware upgrade usage Note FTP Passive mode is not supported by Vigor Router Please disable the mode on the FTP client Password Type the password for FTP Samba users for accessing FTP server Later you can open FTP client software and type the password specified here for accessing into USB storage disk The...

Page 367: ... profile Directory Check the items List Create and Remove for such profile Before you click OK you have to insert a USB storage disk into the USB interface of the Vigor router Otherwise you cannot save the configuration 3 3 1 15 5 3 3 F Fi il le e E Ex xp pl lo or re er r File Explorer offers an easy way for users to view and manage the content of USB storage disk connected on Vigor router Availab...

Page 368: ...n router please click Disconnect USB Disk first And then remove the USB storage disk later Available settings are explained as follows Item Description Connection Status If there is no USB storage disk connected to Vigor router No Disk Connected will be shown here Disk Capacity It displays the total capacity of the USB storage disk Free Capacity It displays the free space of the USB storage disk C...

Page 369: ...ommunications room is overheating During summer in particular it is important to ensure that your server or data communications equipment are not overheating due to cooling system failures The inclusion of a USB thermometer in compatible Vigor routers will continuously monitor the temperature of its environment When a pre determined threshold is reached you will be alerted by either an email or SM...

Page 370: ...it Choose the display unit of the temperature There are two types for you to choose Alarm Settings Enable Syslog Alarm The temperature log will be recorded on Syslog if it is enabled Upper temperature limit Lower temperature limit Type the upper limit and lower limit for the system to send out temperature alert T Te em mp pe er ra at tu ur re e C Ch ha ar rt t Below shows an example of temperature...

Page 371: ...eries User s Guide 355 3 3 1 15 5 6 6 M Mo od de em m S Su up pp po or rt t L Li is st t Such page provides the information about the brand name and model name of the USB modems which are supported by Vigor router ...

Page 372: ...in Page Greeting Configuration Backup Syslog Mail Alert Time and Date Management Reboot System Firmware Upgrade and Activation Below shows the menu items for System Maintenance 3 3 1 16 6 1 1 S Sy ys st te em m S St ta at tu us s The System Status provides basic network settings of Vigor router It includes LAN and WAN interface information Also you could get the current running firmware version or...

Page 373: ...ver Display the current status of DHCP server of the LAN interface DNS Display the assigned IP address of the primary DNS WAN Link Status Display current connection status MAC Address Display the MAC address of the WAN Interface Connection Display the connection type IP Address Display the IP address of the WAN interface Default Gateway Display the assigned IP address of the default gateway IPv6 A...

Page 374: ...ion ACS Server On Choose the interface for the router connecting to ACS server ACS Server URL Username Password Such data must be typed according to the ACS Auto Configuration Server you want to link Please refer to Auto Configuration Server user s manual for detailed information Test With Inform Specify the Event Code from the drop down list Click this button to make a test for the response from ...

Page 375: ...se of maintaining the binding in the Gateway Please type a number as the minimum period The default setting is 60 seconds Maximum Keep Alive Period If STUN is enabled the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway Please type a number as the maximum period A value of 1 indicates that no maximum period is specified Apply Settings to APs Thi...

Page 376: ...e web user interface with the password typed here for simple web configuration The settings on simple web user interface will be different with full web user interface accessed by using the administrator password Password Type in new password in this field The length of the password is limited to 31 characters Confirm Password Type in the new password again Set to Factory Default Click to return t...

Page 377: ...ing screen will appear Simply click OK 4 Log out Vigor router web user interface by clicking the Logout button 5 The following window will be open to ask for username and password Type the new user password in the filed of Password and click Login ...

Page 378: ...Mode can be configured as same as in Admin Mode 3 3 1 16 6 5 5 L Lo og gi in n P Pa ag ge e G Gr re ee et ti in ng g When you want to access into the web user interface of Vigor router the system will ask you to offer username and password first At that moment the background of the web page is blank and no heading will be displayed on the Login window This page allows you to specify login URL and ...

Page 379: ...lcome Message and Bulletin Type words or sentences here It will be displayed for bulletin message In addition it can be displayed on the login dialog at the bottom Note that do not type URL redirect link here Preview Click it to display the preview of the login window based on the settings on this web page Set to Factory Default Click to return to the factory default setting Below shows an example...

Page 380: ...llow the steps below to backup your configuration 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown below 2 Click Backup button to get into the following dialog Click Save button to open another dialog for saving configuration as a file 3 In Save As dialog the default filename is config cfg You could give it another name by yourself ...

Page 381: ...le Note Backup for Certification must be done independently The Configuration Backup does not include information of Certificate R Re es st to or re e C Co on nf fi ig gu ur ra at ti io on n 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown below 2 Click Browse button to choose the correct configuration file for uploading to the router 3 Click Restore...

Page 382: ...e disk Router Name Display the name for such router configured in System Maintenance Management If there is no name here simply lick the link to access into System Maintenance Management to set the router name Server IP Address The IP address of the Syslog server Destination Port Assign a port for the Syslog protocol Mail Syslog Check the box to recode the mail event on Syslog Enable syslog messag...

Page 383: ...me Type the user name for authentication Password Type the password for authentication Enable E mail Alert Check the box to send alert message to the e mail box while the router detecting the item s you specify here Click OK to save these settings For viewing the Syslog please do the following 1 Just set your monitor PC s IP address in the field of Server IP Address 2 Install the Router Tools in t...

Page 384: ...Vigor2760 Series User s Guide 368 ...

Page 385: ...the remote administrator PC host as router s system time Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Server Type the IP address of the time server Priority Choose Auto or IPv6 First as the priority Time Zone Select the time zone where the router is located Enable Daylight Saving Check the box to enable the daylight saving Such ...

Page 386: ...ows you to configure settings for SNMP and SNMPV3 services The SNMPv3 is more secure than SNMP through the encryption method support AES and DES and authentication method support MD5 and SHA for the management needs Available settings are explained as follows Item Description Enable SNMP Agent Check it to enable this function Get Community Set the name for getting community by typing a proper ...

Page 387: ...s Notification Host IP IPv4 Set the IPv4 address of the host that will receive the trap community Notification Host IP IPv6 Set the IPv6 address of the host that will receive the trap community Trap Timeout The default setting is 10 seconds Enable SNMPV3 Agent Check it to enable this function USM User USM means user based security mode Type a username which will be used for authentication The maxi...

Page 388: ...rom Internet Management Port Setup and External Device Control The management pages for IPv4 and IPv6 protocols are different F Fo or r I IP Pv v4 4 Available settings are explained as follows Item Description Router Name Type in the router name provided by ISP Default Disable Auto Logout If it is enabled the function of auto logout for web user interface will be disabled ...

Page 389: ...terface of Vigor router Access List from the Internet You could specify that the system administrator can only login from a specific host or network defined in the list A maximum of three IPs subnet masks is allowed List IP Indicate an IP address allowed to login to the router Subnet Mask Represent a subnet mask allowed to login to the router Management Port Setup User Define Ports Check to specif...

Page 390: ...When the external device master device sends request packet to Vigor2760 Vigor2760 would send back information to respond the request coming from the external device which is able to manage Vigor2760 After finished the above settings click OK to save the configuration ...

Page 391: ...the router from Internet Check the box es to specify Enable PING from the Internet Check the checkbox to enable all PING packets from the Internet For security issue this function is disabled by default Access List You could specify that the system administrator can only login from a specific host or network defined in the list A maximum of three IPs subnet masks is allowed IPv6 Address Prefix Len...

Page 392: ...edule web page and you can use the number that you have set in that web page If you want to reboot the router using the current configuration check Using current configuration and click Reboot Now To reset the router settings to default values check Using factory default configuration and click Reboot Now The router will take 5 seconds to reboot the system Note When the system pops up Reboot Syste...

Page 393: ...ing an example Note that this example is running over Windows OS Operating System Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www DrayTek com or local DrayTek s web site and FTP site is ftp DrayTek com Click System Maintenance Firmware Upgrade to launch the Firmware Upgrade Utility Click OK The following screen will appear Please execute the firmware up...

Page 394: ...ion After you have finished the setting profiles for WCF refer to Web Content Filter Profile it is the time to activate the mechanism for your computer Click System Maintenance Activation to open the following page for accessing http myvigor draytek com Available settings are explained as follows Item Description Activate via Interface Choose WAN interface used by such device for activating Web Co...

Page 395: ...elow shows the successful activation of Web Content Filter 3 3 1 17 7 D Di ia ag gn no os st ti ic cs s Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router Below shows the menu items for Diagnostics ...

Page 396: ...riggering to open the web page The internet connection e g PPPoE is triggered by a package sending from the source IP address Available settings are explained as follows Item Description Decoded Format It shows the source IP address local destination IP remote address the protocol and length of the package Refresh Click it to reload the page ...

Page 397: ...s Guide 381 3 3 1 17 7 2 2 R Ro ou ut ti in ng g T Ta ab bl le e Click Diagnostics and click Routing Table to open the web page Available settings are explained as follows Item Description Refresh Click it to reload the page ...

Page 398: ...an IP address Available settings are explained as follows Item Description Refresh Click it to reload the page 3 3 1 17 7 4 4 I IP Pv v6 6 N Ne ei ig gh hb bo ou ur r T Ta ab bl le e The table shows a mapping between an Ethernet hardware address MAC Address and an IPv6 address This information is helpful in diagnosing network problems such as IP address conflicts etc Click Diagnostics and click IP...

Page 399: ...such as IP address conflicts etc Click Diagnostics and click DHCP Table to open the web page Available settings are explained as follows Item Description Index It displays the connection item number IP Address It displays the IP address assigned by this router for specified PC MAC Address It displays the MAC address for the specified PC that DHCP assigned IP address for it Leased Time It displays ...

Page 400: ...T Sessions Table to open the list page Available settings are explained as follows Item Description Private IP Port It indicates the source IP address and port of local PC Pseudo Port It indicates the temporary port of the router used for NAT Peer IP Port It indicates the destination IP address and port of remote host Interface It displays the representing number for different interface Refresh Cl...

Page 401: ...PV4 IPV6 Choose the interface for such function Ping through Use the drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically Ping to Use the drop down list to choose the destination that you want to ping IP Address Type the IP address of the Host IP that you want to ping Ping IPv6 Address Type the IPv6 address that...

Page 402: ...rocedure for the IP address monitored and refreshes the data in an interval of several seconds The IP address listed here is configured in Bandwidth Management You have to enable IP bandwidth limit and IP session limit before invoke Data Flow Monitor If not a notification dialog box will appear to remind you enabling it Click Diagnostics and click Data Flow Monitor to open the web page You can cli...

Page 403: ... speed of the monitored device RX rate kbps Display the receiving speed of the monitored device Sessions Display the session number that you specified in Limit Session web page Action Block can prevent specified PC accessing into Internet within 5 minutes Unblock the device with the IP address will be blocked in five minutes The remaining time will be shown on the session column Current Peak Speed...

Page 404: ...to zero the accumulated RX TX received and transmitted data of WAN Click Refresh to renew the graph at any time The horizontal axis represents time Yet the vertical axis has different meanings For WAN1 WAN2 WAN3 Bandwidth chart the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past For Sessions chart the numbers displayed on vertical axis r...

Page 405: ...he routes from router to the host Simply type the IP address of the host in the box and click Run The result of route trace will be shown on the screen or Available settings are explained as follows Item Description IPv4 IPv6 Click one of them to display corresponding information for it Trace through Use the drop down list to choose the interface that you want to ping through ...

Page 406: ...e eb b S Sy ys sl lo og g This page displays the time and message for User Firewall call WAN VPN settings You can check Enable Web Syslog specify the type of Syslog and choose the display mode you want Later the event of Syslog with specified type will be shown for your reference Available settings are explained as follows Item Description Enable Web Syslog Check this box to enable the function of...

Page 407: ... the system Time Display the time of the event occurred Message Display the information for each event F Fo or r U US SB B S Sy ys sl lo og g This page displays the syslog recorded on the USB storage disk Available settings are explained as follows Item Description Time Display the time of the event occurred Log Type Display the type of the record Message Display the information for each event ...

Page 408: ...tus web page could help you to diagnose the connection status of TSPC If TSPC has configured properly the router will display the following page when the user connects to tunnel broker successfully Available settings are explained as follows Item Description Refresh Click this link to refresh this page manually ...

Page 409: ... existing IPv4 network environment The IPv6 packets will be encapsulated with the header of IPv4 first Later the packets will be transformed and judged by IPv4 router Once the packets arrive the border between IPv4 and IPv6 the header of IPv4 on the packets will be removed Then the packets with IPv6 address will be forwarded to the destination of IPv6 network Translation Such feature is active onl...

Page 410: ...e use the drop down list to choose a proper connection type Different connection types will bring out different configuration page Refer to the following PPP Dual Stack application IPv4 and IPv6 services can be utilized at the same time Choose PPP and type the information for PPPoE of IPv4 Access into the setting page for IPv6 service it is not necessary for you to configure anything ...

Page 411: ...Vigor2760 Series User s Guide 395 Click OK and open Online Status If the connection is successful you will get the IP address for IPv4 and IPv6 at the same time ...

Page 412: ...nformation for TSPC service Note While using such mode you have to make sure the IPv4 network connection is normal In the following figure the TSPC information is obtained from http gogo6 com after applied for the service Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 413: ...Note While using such mode you have to make sure the IPv4 network connection is normal In the following figure the AICCU information is obtained from https www sixxs net main after applied for the service Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 414: ...s Guide 398 DHCPv6 Client Choose DHCPv6 Client Click one of the identity associations and type the IAID number Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 415: ...es User s Guide 399 Static IPv6 Choose Static IPv6 Type IPv6 address Prefix Length and Gateway Address Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 416: ...4 Static Tunnel Choose 6in4 Static Tunnel Type remote endpoint IPv4 address 6in4 IPv6 Address LAN Routed Prefix and Tunnel TTL Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 417: ... User s Guide 401 6rd Choose 6rd Type IPv4 Border Relay IPv4 Mask Length 6rd Prefix and 6rd Prefix Length Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 418: ...ubnet of LAN 1 supports IPv6 feature 2 In the field of Router Advertisement Server the default setting is Enable The client s PC will ask router advertisement service for the Prefix of IPv6 address automatically and generate an Interface ID by itself to compose a full and unique IPv6 address 3 In the field of HCPv6 Server Configuration when DHCPv6 service is enabled you can assign available IPv6 a...

Page 419: ...ommand of ipconfig Refer to the following figure From the above figure we can see IPv6 IP address has been captured by the system 2 Use the Ping command to ping any IPv6 address indicating an IPv6 website For example www kame net is a website supporting IPv4 IP and IPv6 IP services Its IPv6 address is seen with a format of 2001 200 dff fff1 216 3eff feb1 44d7 After getting the above message it mea...

Page 420: ...ype an URL of IPv6 e g www kame net If your computer accesses into the website by using IPv6 address you may see a turtle dancing on the screen If not only a steady turtle will be seen If you can see a turtle dancing on the screen that means IPv6 service is ready for you to access and utilize ...

Page 421: ... files on the device or write paste files to the devcie it must be done through FTP server You will need to setup USB FTP first We would like to give brief instructions on USB FTP setup here 1 Plug the USB device to the USB port on the router Make sure Disk Connected appears on the Connection Status as the figure shown below 2 Setup a user account for the FTP service by using USB Application USB U...

Page 422: ...pears it means the FTP service is running properly 6 Return to USB Application USB Disk Status The information for FTP server will be shown as below Now users in LAN of Vigor2710 can access into the USB storage device by typing ftp 192 168 1 1 on any browser They can add or remove files directories depending on the Access Rule for FTP account settings in USB Application USB User Management ...

Page 423: ... go or r R Ro ou ut te er r f fo or r H He ea ad d O Of ff fi ic ce e 1 Log into the web user interface of Vigor router 2 Open VPN and Remote Access LAN to LAN to create a LAN to LAN profile The following settings are for a permanent VPN connection 3 Click any index number to open the configuration page Type a name which is easy for identification for such profile in this case type VPN Server and ...

Page 424: ... Check the box of Specify Remote and type the Peer VPN Server IP e g 218 242 130 19 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security method 5 Continue to navigate to the TCP IP Network Settings for setting the LAN IP for remote side 6 Click OK to save the settings ...

Page 425: ...ser interface of Vigor router 2 Open VPN and Remote Access LAN to LAN to create a LAN to LAN profile The following settings are for a permanent VPN connection 3 Click any index number to open the configuration page Type a name which is easy for identification for such profile in this case type VPN Client and check the box of Enable This Profile For such Vigor router will be set as a client the cal...

Page 426: ...service and type the remote server IP host name e g 218 242 133 91 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security method 5 Continue to navigate to the TCP IP Network Settings for setting the LAN IP for the remote side 6 Click OK to save the settings ...

Page 427: ... advanced bandwidth management technology QoS Quality of Service helps you to well allocate the bandwidth upon your demand of Voice Video or Data transferring Let s see how to get the optimum bandwidth per your request by using DrayTek Vigor router as below Scenario The Internet connection you got from ISP line is 2MB 512Kb There are VoIP telephony network IPTV set top box and data server at your ...

Page 428: ...nd click Add 4 Check the box of ACT Click Edit to specify the local address 5 In the pop up window choose Range Address as the Address Type and type the start IP address and end IP address in relational fields Click OK to save the settings and exit the window 6 Click OK again to save the settings ...

Page 429: ... to return to previous page 8 Do the same steps to add class rules for IPTV and Data Email with IP addresses as shown below and 9 Assuming you get 2MB 512Kb Internet line You can click the Setup link of WAN1 to set up the bandwidth for different groups among VoIP IPTV and Data Email ...

Page 430: ...p page check the box of Enable the QoS Control Type 30 50 and 15 in the boxes for VoIP IPTV and Data Email respectively Check the box of Enable UDP Bandwidth Control 11 Click OK to save the settings The class rules for WAN1 are defined as shown below ...

Page 431: ...Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or V PN to check email and access internal database Meanwhile children may chat on Skype in the restroom 1 Go to Bandwidth Management Quality of Service 2 Click Setup link of WAN 1 2 3 Make sure the QoS Control on the left corner is checked And select BOTH in Direction 3 Set Inbound Outbound bandwidth...

Page 432: ...imize the QoS performance 4 Return to previous page Enter the Name of Index Class 1 by clicking Edit link Type the name E mail for Class 1 Click OK to save the settings 5 Click the Setup link for WAN2 The user can set reserved bandwidth e g 25 for E mail using protocol POP3 and SMTP Click OK to save the settings 6 Return to previous page Enter the Name of Index Class 2 by clicking Edit link In thi...

Page 433: ...e UDP Bandwidth Control on the bottom to prevent enormous UDP traffic influent other application Click OK 9 If the worker has connected to the headquarter using host to host VPN tunnel Please refer to Chapter 3 VPN for detail instruction he may set up an index for it Enter the ...

Page 434: ... of Index 3 In this index he will set reserved bandwidth for 1 VPN tunnel 10 Click Edit for Class 3 to open a new window In this index the user will set reserved bandwidth for VPN 11 Click Add to open the following window Check the ACT box first ...

Page 435: ...Vigor2760 Series User s Guide 419 12 Then click Edit of Local Address to set a worker s subnet address Click Edit of Remote Address to set headquarter s IP address Leave other fields and click OK ...

Page 436: ...terface of Vigor router 2 Configure relational objects first Open Object Settings SMS Mail Server Object to get the following page Index 1 to Index 8 allows you to choose the built in SMS service provider If the SMS service provider is not on the list you can configure Index 9 and Index 10 to add the new service provider to Vigor router 3 Choose any index number e g Index 1 in this case to configu...

Page 437: ...rofile setting 5 Open Object Settings Notification Object to configure the event conditions of the notification 6 Choose any index number e g Index 1 in this case to configure conditions for sending the SMS In the following page type the name of the profile and check the Disconnected and Reconnected boxes for WAN to work in concert with the topic of this paper ...

Page 438: ...o choose SMS Provider and the Notify Profile specify the time of sending SMS Then type the phone number in the field of Recipient the one who will receive the SMS 9 Click OK to save the settings Later if one of the WAN connections fails in your router the system will send out SMS to the phone number specified If the router has only one WAN interface the system will send out SMS to the phone number...

Page 439: ...S P Pr ro ov vi id de er r Choose one of the Index numbers 9 or 10 allowing you to customize the SMS Provider In the web page type the URL string of the SMS provider and type the username and password After clicking OK the new added SMS provider will be added and will be available for you to specify for sending SMS out ...

Page 440: ... Anti Spam Web Content Filter Anti Intrusion and etc to filtering the web pages for the sake of protecting your system To access into MyVigor for getting more information please create an account for MyVigor 4 4 7 7 1 1 C Cr re ea at te e a an n A Ac cc co ou un nt t v vi ia a V Vi ig go or r R Ro ou ut te er r 1 Click CSM Web Content Filter Profile The following page will appear Or Click System M...

Page 441: ...ies User s Guide 425 2 Click the Activate link A login page for MyVigor web site will pop up automatically 3 Click the link of Create an account now 4 Check to confirm that you accept the Agreement and click Accept ...

Page 442: ...Vigor2760 Series User s Guide 426 5 Type your personal information in this page and then click Continue 6 Choose proper selection for your computer and click Continue ...

Page 443: ...TART 8 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com 9 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login ...

Page 444: ...Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want 4 4 7 7 2 2 C Cr re ea at te e a an n A Ac cc co ou un nt t v vi ia a M My yV Vi ig go or r W We eb b S Si it te e 1 Access into http myvigor draytek com Find the line of Not registered yet Then click the link Click here to access into next page ...

Page 445: ...s User s Guide 429 2 Check to confirm that you accept the Agreement and click Accept 3 Type your personal information in this page and then click Continue 4 Choose proper selection for your computer and click Continue ...

Page 446: ...TART 6 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com 7 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login ...

Page 447: ... password that you just created in the fields of UserName and Password Then type the code in the box of Auth Code according to the value displayed on the right side of it Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want ...

Page 448: ...o either 202 211 100 10 or 203 98 200 10 which IP or mapping is decided by the internal load balancing algorithm With address mapping feature you can manually configure any host mapping to any WAN interface to fit the request In the above example you can configure NAT Host 1 to always map to 202 211 100 10 WAN1 Host 2 to always map to 202 211 100 11 WAN1 alias Host 3 always map to 203 98 200 10 WA...

Page 449: ...m the above figure set main WAN IP address as 202 211 100 10 Click the WAN IP Alias button to configure the other P address which is 202 211 100 11 Make sure Join IP NAT Pool is not checked Click OK to save the settings 4 Now you bind some specific computers to some WAN IP alias for outgoing traffic ...

Page 450: ...sing to Internet through Vigor router Others e g 192 168 1 31 and 192 168 1 32 outside the range can get the source from LAN only The way we can use is to set two rules under Firewall For Rule 1 of Set 2 under Firewall Filter Setup is used as the default setting we has to create a new rule starting from Filter Rule 2 of Set 2 1 Access into the web user interface of Vigor router 2 Open Firewall Fil...

Page 451: ... Filter Rule 7 If Block If No Further Match for is selected for Filter the firewall of the router would check the packets with the rules starting from Rule 3 to Rule 7 The packets not matching with the rules will be processed according to Rule 2 4 Next set another rule Just open Firewall Filter Setup Click the Set 2 link and choose the Filter Rule 3 button 5 Check the box of Check to enable the Fi...

Page 452: ...t Type 192 168 1 10 in the field of Start IP and type 192 168 1 20 in the field of End IP Then click OK to save the settings The computers within the range can access into the Internet 7 Now check the content of Source IP is correct or not The action for Filter shall be set with Pass Immediately Then click OK to save the settings ...

Page 453: ... Series User s Guide 437 8 Both filter rules have been created Click OK 9 Now all the settings are configured well Only the computers with the IP addresses within 192 168 1 10 192 168 1 20 can access to Internet ...

Page 454: ...ilter Benefits Free flexible for customize webpage Note Manual setting e g one keyword for one website I Via Web Content Filter 1 Make sure the Web Content Filter powered by Commtouch license is valid How to register activate Web Content Filter WCF license Please visit for getting more information How to Register AI AV AS WCF Service Service Activation Wizard http www draytek com user SupportFAQDe...

Page 455: ...le to create a WCF profile Check Social Networking with Action Block 3 Enable this profile in Firewall General Setup Default Rule 4 Next time when someone accesses facebook via this router the web page would be blocked and the following message would be displayed instead ...

Page 456: ...Click an index number to open the setting page 2 In the field of Contents please type facebook Configure the settings as the following figure 3 Open CSM URL Content Filter Profile Click an index number to open the setting page 4 Configure the settings as the following figure 5 When you finished the above steps click OK Then open Firewall General Setup ...

Page 457: ... the field of URL Content Filter Now users cannot open any web page with the word facebook inside B Disallow users to play games on Facebook 1 Open Object Settings Keyword Object Click an index number to open the setting page 2 In the field of Contents please type apps facebook Configure the settings as the following figure ...

Page 458: ...g page 4 Configure the settings as the following figure 5 When you finished the above steps please open Firewall General Setup 6 Click the Default Rule tab Choose the profile just configured from the drop down list in the field of URL Content Filter Now users cannot open any web page with the word facebook inside ...

Page 459: ... to factory default setting if necessary If all above stages are done and the router still cannot run normally it is the time for you to contact your dealer for advanced help 5 5 1 1 C Ch he ec ck ki in ng g I If f t th he e H Ha ar rd dw wa ar re e S St ta at tu us s I Is s O OK K o or r N No ot t Follow the steps below to verify the hardware status 1 Check the power line and WLAN LAN cable conne...

Page 460: ...stilled failed please do the steps listed below to make sure the network connection settings is OK F Fo or r W Wi in nd do ow ws s The example is based on Windows 7 Professional Edition As to the examples for other operation systems please refer to the similar steps or find support notes in www DrayTek com 1 Open All Programs Getting Started Control Panel Click Network and Sharing Center 2 In the ...

Page 461: ...or2760 Series User s Guide 445 4 Select Internet Protocol Version 4 TCP IP and then click Properties 5 Select Obtain an IP address automatically and Obtain DNS server address automatically Finally click OK ...

Page 462: ...uide 446 F Fo or r M Ma ac c O OS S 1 Double click on the current used Mac OS on the desktop 2 Open the Application folder and get into Network 3 On the Network screen select Using DHCP from the drop down list of Configure IPv4 ...

Page 463: ...uter correctly F Fo or r W Wi in nd do ow ws s 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista The DOS command dialog will appear 3 Type ping 192 168 1 1 and press Enter If the link is OK the line of Reply from 192 168 1 1 bytes 32 time 1ms TTL 255 will appear 4 If the line does not appear please check the IP address sett...

Page 464: ...f ff f You have to wait about 15 seconds after inserting 3G USB Modem into your Vigor2760 Later the USB LED will light on which means the installation of USB Modem is successful If the USB LED does not light on please remove and reinsert the modem again If it still fails restart Vigor2760 U US SB B L LE ED D l li ig gh ht ts s o on n b bu ut t t th he e n ne et tw wo or rk k c co on nn ne ec ct ti...

Page 465: ...ng g I If f N Ne ec ce es ss sa ar ry y Sometimes a wrong connection can be improved by returning to the default settings Try to reset the router by software or hardware Such function is available in Admin Mode only Warning After pressing factory default setting you will loose all settings you did before Make sure you have recorded all useful settings before you pressing The password of factory de...

Page 466: ...ration After restore the factory default setting you can configure the settings for the router again to fit your personal request 5 5 7 7 C Co on nt ta ac ct ti in ng g D Dr ra ay yT Te ek k If the router still cannot work correctly after trying many efforts please contact Draytek or your dealer for further help right away For any questions please feel free to send e mail to support DrayTek com No...

Page 467: ...bes the firmware versions for the routers explained in this manual Click Start Run and type Telnet 192 168 1 1 in the Open box as below Note that the IP address in the example is the default address of the router If you have changed the default enter the current IP address of the router Click OK The Telnet terminal will be open Please type admin admin for Account Password Then type You will see a ...

Page 468: ...is used to display current status of ADSL setting S Sy yn nt ta ax x adsl status E Ex xa am mp pl le e Vigor adsl status ATU R Info hw annex A f w annex A Running Mode T1 413 State TRAINING DS Actual Rate 0 bps US Actual Rate 0 bps DS Attainable Rate 0 bps US Attainable Rate 0 bps DS Path Mode Fast US Path Mode Fast DS Interleave Depth 0 US Interleave Depth 0 NE Current Attenuation 0 dB Cur SNR Ma...

Page 469: ...s 0 PPPoA 1 PPPoE 2 MPoA Modu 0 T1 413 2 G dmt 4 Multi 5 ADSL2 7 ADSL2_AnnexM 8 ADSL2 14 ADSL2 _AnnexM acqIP It means the way to acquire IP address Type the number to determine the IP address by specifying or assigned dynamically by DHCP server 0 fix_ip 1 dhcp_client PPPoE PPPoA acquire IP method idle Type number to determine the network connection will be kept for always or idle after a certain t...

Page 470: ...c number and must be between 0 Channel 1 to 7 Channel 8 status It means to shown the whole bridge status save It means to save the configuration to flash enable It means to enable the Multi VLAN function disable It means to disable the Multi VLAN function on off It means to turn on off bridge mode for the specific channel clear It means to turn off and clear all the PVC settings tag tag_no No tag ...

Page 471: ...de You has to use adsl reboot to restart booting T Te el ln ne et t C Co om mm ma an nd d a ad ds sl l d dr ri iv ve em mo od de e This command is useful for laboratory to measure largest power of data transmission Please follow the steps below to set adsl drivermode 1 Please connect dsl line to the DSLAM 2 Waiting for dsl SHOWTIME 3 Drop the dsl line 4 Now it is on continuous sending mode and ads...

Page 472: ...evel 5 for F5 End to End VC level chklink Check the DSL connection Log_on log_off Enable or disable the OAM log for debug E Ex xa am mp pl le e adsl oamlb chklink on OAM checking dsl link is ON adsl oamlb F5 4 Tx cnt 0 Rx Cnt 0 T Te el ln ne et t C Co om mm ma an nd d a ad ds sl l v vc ci il li im mi it t This command can cancel the limit for vci value Some ISP might set the vci value under 32 In ...

Page 473: ...move It means to remove ADSL mode set It means to use default settings plus the new added ADSL mode default It means to use default settings show It means to display current setting adsl_mode There are three modes to be choose ANNEXL ANNEXM and ANNEXJ E Ex xa am mp pl le e Vigor adsl automode set ANNEXJ Automode supported T1 413 G DMT ADSL2 ADSL2 ANNEXJ Vigor adsl automode default Automode support...

Page 474: ...n Parameter Description status Display current status of user defined vendor ID on Enable the user defined function off Disable the user defined function set vid0 vid1 It means to set user defined vendor ID with vid0 and vid1 The vendor ID shall be set with HEX format ex 00fe7244 79612f21 E Ex xa am mp pl le e adsl vendorid status User define CPE Vendor ID is OFF vid0 vid1 0x00fe7244 79612f21 adsl...

Page 475: ... 5 6 0 6 7 0 7 8 0 adsl atm mbs 2 300 max MBS is 300 for pvc 2 T Te el ln ne et t C Co om mm ma an nd d a ad ds sl l p pv vc cb bi in nd di in ng g This command can configure PVC to PVC binding Such command is available only for PPPoE and MPoA 1483 Bridge mode adsl pvcbinding pvc_x pvc_y status 1 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description pvc_x It means the PVC numb...

Page 476: ...tatus ATU R Info hw annex A f w annex A B C Running Mode State TRAINING DS Actual Rate 0 bps US Actual Rate 0 bps DS Attainable Rate 0 bps US Attainable Rate 0 bps DS Path Mode Fast US Path Mode Fast DS Interleave Depth 0 US Interleave Depth 0 NE Current Attenuation 0 dB Cur SNR Margin 0 dB DS actual PSD 0 0 dB US actual PSD 0 0 dB NE CRC Count 0 FE CRC Count 0 NE ES Count 0 FE ES Count 0 Xdsl Res...

Page 477: ...L Enter Driver Mode 1 please connect dsl line to the DSLAM 2 Waiting for dsl SHOWTIME 3 drop the dsl line 4 now it is on continuous sending mode Use adsl reboot to restart dsl to normal mode T Te el ln ne et t C Co om mm ma an nd d v vd ds sl l r re eb bo oo ot t Note We can provide prompt support support draytek com if you refer to the telnet command and have any queries E Ex xa am mp pl le e vds...

Page 478: ...p pl le e vdsl showbins 0 30 DOWNSTREAM Bin SNR Gain Bi Bin SNR Gain Bi Bin SNR Gain Bi Bin SNR Gain Bi dB 1dB ts dB 1dB ts dB 1dB ts dB 1dB ts Bin SNR Gain Bi Bin SNR Gain Bi Bin SNR Gain Bi Bin SNR Gain Bi dB 1dB ts dB 1dB ts dB 1dB ts dB 1dB ts T Te el ln ne et t C Co om mm ma an nd d v vd ds sl l o op pt tn n This command is used to enable or disable the parameters related to VDSL Note We can ...

Page 479: ...telnet command and have any queries adsl vendorid status on off set vid0 vid1 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description status Display current setting of vendor ID On off Enable Disable the user defined setting set It is used to set user define vendor ID by vid0 vid1 vid0 vid1 Set vendor ID number with the format of HEX ex 00fe7244 79612f21 E Ex xa am mp pl le e vd...

Page 480: ...ter Description m Available settings are 1 and 2 a enable 1 0 to enable disable this entry n UserName contact UserName max 24 characters p PassWord contact PassWord max 24 characters s select It means to specify an IP address for Server 0 no selection 1 NSW 61 9 192 13 2 QLD 61 9 208 13 3 VIC 61 9 128 13 4 SA 61 9 224 13 5 WA 61 9 240 13 l List List all settings configured E Ex xa am mp pl le e bp...

Page 481: ... NAME It means to specify a name for the CSM profile less then 15 characters E Ex xa am mp pl le e csm appe prof i 1 n games The name of APPE Profile 1 was setted T Te el ln ne et t C Co om mm ma an nd d c cs sm m a ap pp pe e i im m It is used to configure IM settings for APP Enforcement Profile csm appe im i INDEX v e AP d AP a AP ACTION S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Param...

Page 482: ...on INDEX It means to specify the index number of CSM profile from 1 to 32 v It means to view the P2P configuration of the CSM profile e It means to enable the blocking for specific application d It means to disable the blocking for specific application a Set the action of specific application 0 or 1 0 Block All of the applications meet the CSM rule will be blocked 1 Pass All of the applications me...

Page 483: ...i ip pt ti io on n INDEX It means to specify the index number of CSM profile from 1 to 32 v It means to view the protocol configuration of the CSM profile e It means to enable the blocking for specific application d It means to disable the blocking for specific application a Set the action of specific application 0 or 1 0 Block All of the applications meet the CSM rule will be blocked 1 Pass All o...

Page 484: ... p VALUE csm ucf obj INDEX l P B A N csm ucf obj INDEX uac csm ucf obj INDEX wf S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n P Pa ar ra am me et te er r D De es sc cr ri ip pt ti io on n show It means to display all of the profiles setdefault It means to return to default settings for all of the profile msg MSG It means de set the administration message MSG means the content less than 255 ...

Page 485: ... Select Bundle Pass Enable URL Access Control Action pass Prevent web access from IP address No Obj NO Object Name No Grp NO Group Name T Te el ln ne et t C Co om mm ma an nd d c cs sm m u uc cf f o ob bj j I IN ND DE EX X u ua ac c It means to configure the settings regarding to URL Access Control uac csm ucf obj INDEX uac v csm ucf obj INDEX uac e csm ucf obj INDEX uac d csm ucf obj INDEX uac a ...

Page 486: ... any IP address will be blocked D Disable the function o Set the keyword object KEY_WORD_Object_Ind ex Specify the index number of the object profile g Set the keyword group KEY_WORD_Group_Inde x Specify the index number of the group profile E Ex xa am mp pl le e csm ucf obj 1 uac i E Profile Index 1 Profile Name game Log none Priority Select Bundle Pass Enable URL Access Control Action pass v Pre...

Page 487: ... 1 to 8 v It means to view the protocol configuration of the CSM profile e It means to enable the restriction of web feature d It means to disable the restriction of web feature a Set the action of web feature P or B B Block The web access meets the web feature will be blocked P Pass The web access meets the web feature will be passed s It means to enable the the Web Feature configuration Features...

Page 488: ...ect Index csm wcf obj INDEX g KEY_WORD Group Index csm wcf obj INDEX w E D P B csm wcf obj INDEX s CATEGORY WEB_GROUP csm wcf obj INDEX u CATEGORY WEB_GROUP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show It means to display the web content filter profiles Look It means to display the license information of WCF Cache It means to set the cache level for the profile S...

Page 489: ...under CATEGORY or WEB_GROUP WEB_GROUP Child_Protection Leisure Business Chating Computer Internet Other CATEGORY Includes Alcohol Tobacco Criminal Activity Gambling Hate Intoleranc Illegal Drug Nudity Pornography Sexually Explicit Weapons Violence School Cheating Sex Education Tasteless Child Abuse Imges Entertainment Games Sports Travel Leisure Recreation Fashin Beauty Business Job Search Web bas...

Page 490: ...lence v Weapons v School Cheating v Sex Education v Tasteless v Child Abuse Images leisure Group Entertainment Games Sports Travel Leisure Recreation Fashion Beauty T Te el ln ne et t C Co om mm ma an nd d d dd dn ns s l lo og g Displays the DDNS log E Ex xa am mp pl le e ddns log T Te el ln ne et t C Co om mm ma an nd d d dd dn ns s t ti im me e Sets and displays the DDNS time ddns time update in...

Page 491: ...and set its parameter s ATTACK_F It means to specify the name of flooding attack s or portscan e g synflood udpflood icmpflood or postscan THRESHOLD It means the packet rate packet second that a flooding attack will be detected Set a value larger than 20 TIMEOUT It means the time seconds that a flooding attack will be blocked Set a value larger than 5 a It means to enable the defense function for ...

Page 492: ...racters for Internet accessing p password It means to set password max 49 characters for Internet accessing a n It means to set PPP Authentication Type and n means different types represented by 0 1 n 0 PAP CHAP this is default setting n 1 PAP Only t n It means to set connection duration and n means different conditions n 1 Always on n 1 999 Idle time for offline default 180 seconds i ip address I...

Page 493: ...ws users to enable or disable the IP routing subnet for your router ip 2ndsubnet Enable Disable S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Enable Enable the function Disable Disable the function E Ex xa am mp pl le e ip 2ndsubnet enable 2nd subnet enabled T Te el ln ne et t C Co om mm ma an nd d i ip p 2 2n nd da ad dd dr r This command allows users to set the secon...

Page 494: ...m will set the one that you specified as the public subnet mask E Ex xa am mp pl le e ip 2ndmask ip 2ndmask 2nd subnet mask Now 255 255 255 0 ip 2ndmask 255 255 0 0 Set 2nd subnet mask done T Te el ln ne et t C Co om mm ma an nd d i ip p a au ux x This command is used for configuring WAN IP Alias ip aux add IP Join to NAT Pool ip aux remove index S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on ...

Page 495: ...ip addr IP address S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description IP address It means the LAN IP address E Ex xa am mp pl le e ip addr 192 168 50 1 Set IP address OK Note When the LAN IP address is changed the start IP address of DHCP server are still the same To make the IP assignment of the DHCP server being consistent with this new IP address they should be in the sa...

Page 496: ...ure the duration in which ARP caches can be stored on the system If ip arp setCacheLife is set with 60 it means you have an ARP cache at 0 second Sixty seconds later without any ARP messages received the system will think such ARP cache is expired The system will issue a few ARP request to see if this cache is still valid S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description I...

Page 497: ...cpc option u idx unmber ip dhcpc release ip dhcpc renew ip dhcpc status S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description option It is an optional setting for DHCP server h display usage l list all custom set DHCP options d delete custom dhcp client option by index number e enable disable option feature 1 enable 0 disable w set WAN number e g 1 WAN1 c set option number 0 2...

Page 498: ...address It means the WAN IP address WAN1 PVC3 PVC4 PVC5 It means the WAN port PVC that the above IP address passes through E Ex xa am mp pl le e ip ping 172 16 3 229 WAN1 Pinging 172 16 3 229 with 64 bytes of Data Receive reply from 172 16 3 229 time 0ms Receive reply from 172 16 3 229 time 0ms Receive reply from 172 16 3 229 time 0ms Packets Sent 5 Received 5 Lost 0 0 loss T Te el ln ne et t C Co...

Page 499: ... the remote device Port Type a port number e g 23 Available settings 0 65535 E Ex xa am mp pl le e ip telnet 172 17 3 252 23 T Te el ln ne et t C Co om mm ma an nd d i ip p r ri ip p This command allows users to set the RIP routing information protocol of IP ip rip 0 1 2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 0 1 2 0 means disable 1 means first subnet and 2 mean...

Page 500: ...nrip Valid ex ip wanrip ifno e 0 1 ifno 1 WAN1 2 WAN2 3 PVC3 4 PVC4 5 PVC5 e 0 1 0 disable 1 enable Now status WAN 1 Rip Protocol disable WAN 2 Rip Protocol disable WAN 3 Rip Protocol disable WAN 4 Rip Protocol disable WAN 5 Rip Protocol disable ip wanrip 5 e 1 ip wanrip Valid ex ip wanrip ifno e 0 1 ifno 1 WAN1 2 WAN2 3 PVC3 4 PVC4 5 PVC5 e 0 1 0 disable 1 enable Now status WAN 1 Rip Protocol dis...

Page 501: ...f the destination netmask It means the netmask of the specified IP address gateway It means the gateway of the connected router ifno It means the connection interface 3 WAN1 5 WAN3 6 WAN4 7 WAN5 However WAN3 WAN4 WAN5 are router borne WANs rtype It means the type of the route default default route static static route cnc It means current IP range for CNC Network default Set WAN1 WAN2 off as curren...

Page 502: ...rmation of the T_home service query It means to set IGMP general query interval The default value is 125000 ms ppp 0 No need to set IGMP with PPP header 1 Set IGMP with PPP header status It means to display current status for proxy server E Ex xa am mp pl le e ip igmp t_home on T Home Setting T Home Service is turned on WAN1 Enabled connection type PPPoE without tag for ADSL WAN5 Enabled connectio...

Page 503: ...up the time to return WAN1 from backup WAN ip wanttr time in seconds S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description time in seconds The available range is 0 600 seconds E Ex xa am mp pl le e ip ip wanttr 500 T Te el ln ne et t C Co om mm ma an nd d i ip p d dm mz z Specify MAC address of certain device as the DMZ host ip dmz mac S Sy yn nt ta ax x D De es sc cr ri ip pt...

Page 504: ...ession num limit Defautlp2p num It means to set the default number of session num limit for p2p status It means to display the current settings show It means to display all session limit settings in the IP range timer num It means to set when the IP session block works The unit is second block unblock IP It means to block unblock the specified IP address Block The IP cannot access Internet through...

Page 505: ... limit default tx_rate rx_rate It means to set default tx and rx rate of bandwidth limit The range is from 0 65535 Kpbs status It means to display the current settings show It means to display all the bandwidth limits settings within the IP range add It means to add the bandwidth within the IP range del It means to delete the bandwidth within the IP range IP1 IP2 It means the range of IP address s...

Page 506: ...IP address and MAC address of the pair of binded one add It means to add one ip bindmac del It means to delete one ip bindmac IP It means to type the IP address for binding with specified MAC address MAC It means to type the MAC address for binding with the IP address specified Comment It means to type words as a brief description All It means to delete all the IP bindmac settings E Ex xa am mp pl...

Page 507: ... es status u It means to show only unicast addresses prefix It means to type the prefix number of IPv6 address prefix length It means to type a fixed value as the length of the prefix LAN WAN1 WAN2 iface It means to specify LAN or WAN interface for such address E Ex xa am mp pl le e ip6 addr a LAN Unicast Address FE80 250 7FFF FE00 0 64 Link Multicast Address FF02 2 FF02 1 FF00 0 FF02 1 T Te el ln...

Page 508: ... 0 the parameter related to the request will not be displayed E Ex xa am mp pl le e ip6 dhcp req_opt WAN2 S 1 ip6 dhcp req_opt WAN2 r 1 ip6 dhcp req_opt WAN2 a Interface WAN2 is set to request following DHCPv6 options sip name T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 d dh hc cp p c cl li ie en nt t This command allows you to use DHCPv6 protocol to obtain IPv6 address from server ip6 dhcp...

Page 509: ...tem reboot T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 d dh hc cp p s se er rv ve er r This command allows you to configure DHCPv6 server ip6 dhcp server command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description server It means the dhcp server settings command parameter The available commands with parameters are listed below means that you can type in seve...

Page 510: ...6 dhcp server d FF02 1 ip6 dhcp server i ff02 1 ip6 dhcp server x ff02 3 ip6 dhcp server a Interface LAN has following DHCPv6 server settings DHCPv6 server disabled maximum address of the pool FF02 3 minimum address of the pool FF02 1 1st DNS IPv6 Addr FF02 1 ...

Page 511: ...Static n 7 6rd command parameter The available commands with parameters are listed below means that you can type in several commands in one line m n It means to set IPv6 MTU N any value 0 means unspecified u username It means to set Username username type a name as the username maximum 63 characters p password It means to set Password password type a password maximum 63 characters s server It mean...

Page 512: ...N1 WAN2 ip6 neigh a inet6_addr N LAN WAN1 WAN2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description s It means to add a neighbour d It means to delete a neighbour a It means to show neighbour status inet6_addr Type an IPv6 address eth_addr Type submask address LAN WAN1 WAN2 Specify an interface for the neighbor E Ex xa am mp pl le e ip6 neigh s 2001 2222 3333 1111 00 50 7F 11...

Page 513: ...ded T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 r ro ou ut te e This command allows you to ip6 route s prefix prefix length gateway LAN WAN1 WAN2 iface D ip6 route d prefix prefix length ip6 route a LAN WAN1 WAN2 iface S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description s It means to add a route d It means to delete a route a It means to show the route status D It mea...

Page 514: ...t ip6 ping IPV6 address Host LAN WAN1 WAN2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description IPV6 address Host It means to specify the IPv6 address or host for ping LAN WAN1 WAN2 It means to specify LAN or WAN interface for such address E Ex xa am mp pl le e ip6 ping 2001 4860 4860 8888 WAN2 Pinging 2001 4860 4860 8888 with 64 bytes of Data Receive reply from 2001 4860 486...

Page 515: ...001 7F8 1 A501 5169 1 330 ms 6 2001 4860 1 0 4B3 350 ms 7 2001 4860 8 0 2DAF 330 ms 8 2001 4860 2 0 66E 340 ms 9 Request timed out 10 2001 4860 4860 8888 350 ms Trace complete T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 t ts sp pc c This command allows you to diplay TSPC status ip6 tspc ifno S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description ifno It means the connect...

Page 516: ...ifetime of 0 indicates that the router is not a default router and should not appear on the default router list Type the number unit second you want V It means to show the RADVD configuration r It means RA default test r num It means RA test for item num E Ex xa am mp pl le e ip6 radvd s 1 1800 ip6 radvd V IPv6 Radvd Config Radvd Enable Default Lifetime 1800 seconds T Te el ln ne et t C Co om mm m...

Page 517: ...off the Internet accessing through http telnet ping E Ex xa am mp pl le e ip6 mngt list add 1 FE80 250 7FFF FE12 1010 128 ip6 mngt list add 2 FE80 250 7FFF FE12 1020 128 ip6 mngt list add 3 FE80 250 7FFF FE12 2080 128 ip6 mngt list IPv6 Access List Index IPv6 Prefix Prefix Length 1 FE80 250 7FFF FE12 1010 128 2 FE80 250 7FFF FE12 1020 128 3 FE80 250 7FFF FE12 2080 128 ip6 mngt status IPv6 Remote M...

Page 518: ... ifno ip6 aiccu subnet add ifno prefix prefix length remove ifno show info S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description ifno It means the connection interface 1 WAN1 2 WAN2 add It means to add an IPv6 addres which can be used to execute management through Internet prefix It means to type the IPv6 address which will be used for accessing Internet prefix length It means...

Page 519: ...e ew w IPF users to view the version of the IP filter to view set the log flag to view the running IP filter rules ipf view VcdhrtzZ S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description V It means to show the version of this IP filter c It means to show the running call filter rules d It means to show the running data filter rules h It means to show the hit number of the filt...

Page 520: ...isable l VALUE It means to setup Log Flag e g l 2 Type 0 to disable the log flag Type 1 to display the log of passed packet Type 2 to display the log of blocked packet Type 3 to display the log of non matching packet p VALUE It means to setup actions for packet not matching any rule e g p 1 Type 0 to let all the packets pass Type 1 to block all the packets M P2P_NO It means to configure IM P2P for...

Page 521: ...ePage ANSI 1252 Latin I Window size 65535 Session timeout 1440 DrayTek Banner Enable Apply IP filter to VPN incoming packets Enable Accept large incoming fragmented UDP or ICMP packets Enable Strict Security Checking APP Enforcement T Te el ln ne et t C Co om mm ma an nd d i ip pf f r ru ul le e This command is used to set filter rule for firewall ipf rule s r command parameter ipf rule s r v S Sy...

Page 522: ...ress s u 3 192 168 1 10 192 168 1 15 d u Address Type Start IP Address End IP Address Address Mask It means to configure destination IP address including address type start IP address end IP address and address mask u It means user defined Address Type Type the number representing different address type 0 Subnet Address 1 Single Address 2 Any Address 3 Range Address Example Set Subnet Address d u ...

Page 523: ...Port Number range is 1 65535 F It means the Filter action you can specify 0 Pass Immediately 1 Block Immediately 2 Pass if no further match 3 Block if no further match q It means the classification for QoS 1 Class 1 2 Class 2 3 Class 3 4 Other l It means load balance policy Such function is used for debug only E It means to enable APP Enforcement a index It means to specify which APP Enforcement p...

Page 524: ... timeout Minute Windows Size Available settings range from 1 65535 Session_Timeout Make the best utilization of network resources v It is used to show current filter rule settings E Ex xa am mp pl le e ipf rule 2 1 e 1 s o 1 d o 2 S o 1 F 2 ipf rule 2 1 v Filter Set 2 Rule 1 Status Enable Comments xNetBios DNS Index 1 15 in Schedule Setup null null null null Direction LAN WAN Source IP Group1 Dest...

Page 525: ...Vigor2760 Series User s Guide 509 Log Disable CodePage ANSI 1252 Latin I Window size 65535 Session timeout 1440 DrayTek Banner Enable Strict Security Checking APP Enforcement ...

Page 526: ... It means to specify IP address e g i 192 168 2 55 p value It means to type a port number e g p 1024 Available settings are 0 65535 t value It means to specify a protocol e g t tcp Available settings include tcp udp icmp E Ex xa am mp pl le e ipf flowtrack set r Refresh the flowstate ok ipf flowtrack view f Start to show the flowtrack sessions state ORIGIN 192 168 1 11 59939 8 8 8 8 53 ifno 0 REPL...

Page 527: ...o show all logs saved in the log buffer w It means to show WAN log x It means to show packet body hex dump E Ex xa am mp pl le e log w 25 36 25 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 Next server IP 0 0 0 0 Relay agent IP 0 0 0 0 25 36 33 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 Next server IP 0 0 0 0 Relay agent IP 0 0 0 0 25 36 41 580 ...

Page 528: ...ort Http port S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Http port It means to enter the number for HTTP port The default setting is 80 E Ex xa am mp pl le e mngt httpport 80 Set web server port to 80 done T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t h ht tt tp ps sp po or rt t This command allows users to set HTTPS port for management mngt httpsport Https ...

Page 529: ...escription ssh port It means to type the number for SSH port The default setting is 22 E Ex xa am mp pl le e mngt sshport 23 Set ssh port to 23 done T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t t te el ln ne et tp po or rt t This command allows users to set telnet port for management mngt telnetport Telnet port S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Tel...

Page 530: ...iption enable It means to activate FTP server function disable It means to inactivate FTP server function E Ex xa am mp pl le e mngt ftpserver enable FTP server has been enabled mngt ftpserver disable FTP server has been disabled T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t n no op pi in ng g This command is used to pass or block Ping from LAN PC to the internet mngt noping on mngt noping...

Page 531: ...Vigor2760 Series User s Guide 515 MAC and source IP clearlog It means to clear the log of ping action E Ex xa am mp pl le e mngt noping off No Ping Packet Out is OFF ...

Page 532: ... viewlog It means to display a log of defense worm packet including source MAC and source IP clearlog It means to remove the log of defense worm packet E Ex xa am mp pl le e mngt defenseworm add 21 Add TCP port 21 Block TCP port list 135 137 138 139 445 21 mngt defenseworm del 21 Delete TCP port 21 Block TCP port list 135 137 138 139 445 T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t r rm m...

Page 533: ...ti io on n Parameter Description enable It means to accept the echo ICMP packet disable It means to drop the echo ICMP packet E Ex xa am mp pl le e mngt echoicmp enable Echo ICMP packet enabled T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t a ac cc ce es ss sl li is st t This command allows you to specify that the system administrator can login from a specific host or network A maximum of t...

Page 534: ...type in several commands in one line e 1 2 1 Enable the SNMP function 2 Disable the SNMP function g Community name It means to set the name for getting community by typing a proper character max 23 characters s Community name It means to set community by typing a proper name max 23 characters m IP address It means to set one host as the manager to execute SNMP function Please type in IPv4 address ...

Page 535: ... subnet E Ex xa am mp pl le e msubnet switch 2 On LAN2 Subnet On This setting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t a ad dd dr r This command is used to configure subnet IP address for the specified LAN interface msubnet addr 2 IP address S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n...

Page 536: ...ter T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t s st ta at tu us s This command is used to display current status of subnet msubnet status 2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 It means LAN interface 2 LAN2 E Ex xa am mp pl le e msubnet status 2 LAN2 Off 0 0 0 0 0 0 0 0 PPP Start IP 0 0 0 60 DHCP server Off Dhcp Gateway 0 0 0 0 Start IP 0...

Page 537: ...red for NAT usage Off It means the subnet will be configured for Routing usage E Ex xa am mp pl le e msubnet nat 2 off LAN2 Subnet is for Routing usage Note If you have multiple WAN connections please be reminded to setup a Load Balance policy so that packets from this subnet will be forwarded to the right W AN interface This setting will take effect after rebooting Please use sys reboot command t...

Page 538: ...al number of IP address allowed for each LAN interface The available range is from 0 to 220 E Ex xa am mp pl le e msubnet ipcnt 2 15 This setting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t t ta al lk k This command is used to establish a route between two LAN interfaces msubnet talk 1 2 1 2 On O...

Page 539: ... nd d m ms su ub bn ne et t p pp pp pi ip p This command is used to configure a starting IP address for PPP connection msubnet pppip 2 Start IP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 3 4 It means LAN interface 2 LAN2 Start IP Type an IP address as the starting IP address for PPP connection E Ex xa am mp pl le e msubnet pppip 2 192 168 2 250 Set LAN2 PPP IPCP S...

Page 540: ...e et t p pr ri im mW WI IN NS S This command is used to configure primary WINS server msubnet primWINS 2 WINS IP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 It means LAN interface 2 LAN2 WINS IP Type the IP address as the WINS IP E Ex xa am mp pl le e msubnet primWINS 2 192 168 3 5 Set LAN2 Dhcp Primary WINS IP done T Te el ln ne et t C Co om mm ma an nd d m ms su ...

Page 541: ...a am mp pl le e msubnet tftp 2 publish Set LAN2 TFTP Server Name done T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t m mt tu u This command is used to configure the MTU values for LAN1 LAN2 and IP routed subnet msubnet mtu interface value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description interface MTU values shall be set for LAN1 LAN2 and IP_Routed_Subnet v...

Page 542: ...e i INTERFACE It means to define an interface for the IP object INTERFACE 0 means any INTERFACE 1 means LAN INTERFACE 3 means WAN Example object ip obj 8 i 0 s INVERT It means to set invert seletion for the object profile INVERT 0 means disableing the function INVERT 1 means enabling the function Example object ip obj 3 s 1 a TYPE It means to set the address type and IP for the IP object profile T...

Page 543: ...fault settings for all profiles INDEX It means the index number of the specified group profile v It means to view the information of the specified group profile Example object ip grp 1 v n NAME It means to define a name for the IP group NAME Type a name with less than 15 characters Example object ip grp 8 n bruce i INTERFACE It means to define an interface for the IP group INTERFACE 0 means any IN...

Page 544: ...igor2760 Series User s Guide 528 1 0 2 0 3 0 4 0 5 0 6 0 7 0 object ip grp 2 i 1 object ip grp 2 a 1 2 IP Group Profile 2 Name First Interface Lan Included ip object index 0 1 1 2 2 0 3 0 4 0 5 0 6 0 7 0 ...

Page 545: ...5 characters Example object service obj 9 n bruce i PROTOCOL It means to define a PROTOCOL for the service object profile PROTOCOL 0 means any PROTOCOL 1 means ICMP PROTOCOL 2 means IGMP PROTOCOL 6 means TCP PROTOCOL 17 means UDP PROTOCOL 255 means TCP UDP Other values mean other protocols Example object service obj 8 i 0 CHK It means the check action for the port setting 0 equal when the starting...

Page 546: ... 240 Destination port check action Destination port range 200 220 T Te el ln ne et t C Co om mm ma an nd d o ob bj je ec ct t s se er rv vi ic ce e g gr rp p This command is used to integrate several service objects under a service group profile object service grp setdefault object service grp INDEX v object service grp INDEX n NAME object service grp INDEX a SER_OBJ_INDEX S Sy yn nt ta ax x D De ...

Page 547: ...ded service object index 0 1 1 2 2 0 3 0 4 0 5 0 6 0 7 0 T Te el ln ne et t C Co om mm ma an nd d o ob bj je ec ct t k kw w This command is used to create keyword profile object kw obj setdefault object kw obj show PAGE object kw obj INDEX v object kw obj INDEX n NAME object kw obj INDEX a CONTENTS S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description setdefault It means to re...

Page 548: ... ne et t C Co om mm ma an nd d o ob bj je ec ct t f fe e This command is used to create File Extension Object profile object fe show object fe setdefault object fe obj INDEX v object fe obj INDEX n NAME object fe obj INDEX e CATEGORY FILE_EXTENSION object fe obj INDEX d CATEGORY FILE_EXTENSION S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show It means to show the cont...

Page 549: ...mp3 m4a m4p ogg ra ram vox wav wma class jad jar jav java jcm js jse jsp jtk alx apb axs ocx olb ole tlb viv vrm ace arj bzip2 bz2 cab gz gzip rar sit zip bas bat com exe inf pif reg scr Example object fe obj 1 e bmp E Ex xa am mp pl le e object fe obj 1 n music object fe obj 1 e Audio object fe obj 1 v Profile Index 1 Profile Name music Image category bmp dib gif jpeg jpg jpg2 jp2 pct pcx pic pic...

Page 550: ...r2760 Series User s Guide 534 jsp jtk ActiveX category alx apb axs ocx olb ole tlb viv vrm Compression category ace arj bzip2 bz2 cab gz gzip rar sit zip Executation category bas bat com exe inf pif reg scr ...

Page 551: ...E Ex xa am mp pl le e port 1 100F Set Port 1 Force speed 100 Full duplex OK T Te el ln ne et t C Co om mm ma an nd d p po or rt tm ma ap pt ti im me e This command allows you to set a time of keeping the session connection for specified protocol portmaptime command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description command parameter The available commands with par...

Page 552: ...escription command parameter The available commands with parameters are listed below means that you can type in several commands in one line h Type it to display the usage of this command m mode It means to define which traffic the QoS control settings will apply to and eable QoS control 0 disable 1 in apply to incoming traffic only 2 out apply to outgoing traffic only 3 both apply to both incomin...

Page 553: ...ult for all WANs It means that you can type in several commands in one line E Ex xa am mp pl le e qos setup m 3 i 9500 o 8500 r 3 20 u 1 p 50 t 1 WAN1 QOS mode is both Wan 1 is XDSL model don t need to set up Wan 1 is XDSL model don t need to set up WAN1 class 3 ratio set to 20 WAN1 udp bandwidth control set to enable WAN1 udp bandwidth limit ratio set to 50 WAN1 Outbound TCP ACK Prioritizel set t...

Page 554: ...ode It means to enable or disable the specified rule 0 disable 1 enable l addr Set the local address Addr1 It means Single address Please specify the IP address directly for example l 172 16 3 9 addr1 addr2 It means Range address Please specify the IP addresses for example l 172 16 3 9 172 16 3 50 addr1 subnet It means the subnet address with start IP address Please type the subnet and the IP addr...

Page 555: ... to draytek Add a rule in class2 Class2 the 1 rule enabled Set local address type to Range 192 168 1 50 192 168 1 80 T Te el ln ne et t C Co om mm ma an nd d q qo os s t ty yp pe e This command allows user to configure protocol type and port number for QoS qos type a service name e no d no S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description a name It means to add rule e no I...

Page 556: ... subnet settings IP address 192 168 1 1 Subnet mask 255 255 255 0 RIP 1st Subnet T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w l la an n2 2 This command displays current status of LAN2 IP address settings E Ex xa am mp pl le e show lan2 2nd subnet settings Status Active IP address 192 168 2 5 Subnet mask 255 255 0 0 RIP 1st Subnet T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w d dh ...

Page 557: ...Ex xa am mp pl le e show dmz WAN1 DMZ mapping status Index Status WAN1 aux IP Private IP 1 Disable 172 16 3 221 2 Disable 192 168 1 65 T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w d dn ns s This command displays current status of DNS setting E Ex xa am mp pl le e show dns Domain name server settings Primary DNS Not set Secondary DNS Not set ...

Page 558: ...0 0 0 0 0 0 0 3 0 0 0 0 0 0 0 4 0 0 0 0 0 0 0 5 0 0 0 0 0 0 0 6 0 0 0 0 0 0 0 7 0 0 0 0 0 0 0 8 0 0 0 0 0 0 0 9 0 0 0 0 0 0 0 10 0 0 0 0 0 0 0 11 0 0 0 0 0 0 0 12 0 0 0 0 0 0 0 13 0 0 0 0 0 0 0 14 0 0 0 0 0 0 0 15 0 0 0 0 0 0 0 16 0 0 0 0 0 0 0 17 0 0 0 0 0 0 0 18 0 0 0 0 0 0 0 19 0 0 0 0 0 0 0 20 0 0 0 0 0 0 0 MORE q Quit Enter New Lines Space Bar Next Page T Te el ln ne et t C Co om mm ma an nd ...

Page 559: ...n Usage 0 T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w s st ta at tu us s This command displays current status of LAN and WAN connections E Ex xa am mp pl le e show status System Uptime 20 36 35 LAN Status Primary DNS 8 8 8 8 Secondary DNS 8 8 4 4 IP Address 192 168 1 1 Tx Rate 12923 Rx Rate 8152 WAN 1 Status Disconnected Enable Yes Line xDSL Name tcom Mode Static IP Up Time 0 00 00 IP 17...

Page 560: ...n reset It means to reset the transmitted received bytes to Zero interface It means to specify WAN1 WAN5 including multi PVC interface for displaying related statistics E Ex xa am mp pl le e show statistic WAN1 total TX 0 Bytes RX 0 Bytes WAN2 total TX 0 Bytes RX 0 Bytes WAN3 total TX 0 Bytes RX 0 Bytes WAN4 total TX 0 Bytes RX 0 Bytes WAN5 total TX 0 Bytes RX 0 Bytes T Te el ln ne et t C Co om mm...

Page 561: ...ost all ALL It means to delete all of the MAC addresses E Ex xa am mp pl le e ip route add 192 168 1 56 255 255 255 0 192 168 1 12 3 default srv dhcp public status Index MAC Address E Ex xa am mp pl le e ip route add 192 168 1 56 255 255 255 0 192 168 1 12 3 default srv dhcp public status Index MAC Address T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p d dn ns s1 1 This command al...

Page 562: ...ess for DNS Server in LAN srv dhcp dns2 srv dhcp dns2 DNS IP address S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description It means to display current IP address of DNS 2 for the DHCP server DNS IP address It means the IP address that you want to use as DNS2 Note The IP Routed Subnet DNS must be the same as NAT Subnet DNS E Ex xa am mp pl le e srv dhcp dns2 10 1 1 1 srv dhcp d...

Page 563: ...v dhcp frcdnsmanl on Domain name server now is using manual settings srv dhcp frcdnsmanl off Domain name server now is using auto settings T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p g ga at te ew wa ay y This command allows users to specify gateway address for DHCP server srv dhcp gateway srv dhcp gateway Gateway IP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Paramete...

Page 564: ...sys reboot command to reboot router T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p o on n This function allows users to turn on DHCP server It needs rebooting router please type sys reboot command to reboot router T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p r re el la ay y This command allows users to set DHCP relay setting srv dhcp relay servip server ip srv d...

Page 565: ...s the starting point E Ex xa am mp pl le e srv dhcp startip 192 168 1 53 This setting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p s st ta at tu us s This command can display general information for the DHCP server such as IP address MAC address leased time host ID and so on E Ex xa am mp pl le e...

Page 566: ...ans the lease time that DHCP server can use The unit is second E Ex xa am mp pl le e srv dhcp leasetime srv dhcp leasetime Lease Time sec Now 86400 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p n no od de et ty yp pe e This command can set the node type for the DHCP server srv dhcp nodetype count S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description count It ...

Page 567: ...dhcp primWINS 192 168 1 88 srv dhcp primWINS srv dhcp primWINS WINS IP address srv dhcp primWINS clear Now 192 168 1 88 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p s se ec cW WI IN NS S This command can set the secondary IP address for the DHCP server srv dhcp secWINS WINS IP address srv dhcp secWINS clear S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Descripti...

Page 568: ...250 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p t tf ft tp p This command can set the TFTP server as the DHCP server srv dhcp tftp TFTP server name S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description TFTP server name It means to type the name of TFTP server E Ex xa am mp pl le e srv dhcp tftp TF123 srv dhcp tftp srv dhcp tftp TFTP server name Now TF123 T ...

Page 569: ... It means to set option number Available number ranges from 0 to 255 v It means to set option number by typing string a It means to set the option value by specifying the IP address x It means to set option number with the format of Hexadecimal characters u It means to update the option value of the specified index idx number It means the index number of the option value E Ex xa am mp pl le e srv ...

Page 570: ...lable commands with parameters are listed below means that you can type in several commands in one line e It means to enable disable such feature 1 enable 0 disable i It means to specify the private IP address of the DMZ host r It means to remove DMZ host setting v It means to display current status E Ex xa am mp pl le e srv nat dmz 1 1 i 192 168 1 96 srv nat dmz v WAN1 DMZ mapping status Index St...

Page 571: ...and parameter The available commands with parameters are listed below means that you can type in several commands in one line a enable It means to enable or disable the open port rule profile 0 disable 1 enable c comment It means to type the description less than 23 characters for the defined network service i local ip It means to set the IP address for local computer Local ip Type an IP address i...

Page 572: ...tart Port End Port Status Disable Comment Private IP address 0 0 0 0 Index Protocal Start Port End Port Telnet Command srv nat portmap This command allows users to set port redirection table for NAT server srv nat portmap add idx serv name proto pub port pri ip pri port wan1 wan2 srv nat portmap del idx srv nat portmap disable idx srv nat portmap enable idx proto srv nat portmap flush srv nat port...

Page 573: ...ctivate the selected port redirection setting flush It means to clear all the port mapping settings table It means to display Port Redirection Configuration Table E Ex xa am mp pl le e srv nat portmap add 1 game tcp 80 192 168 1 11 100 wan1 srv nat portmap table NAT Port Redirection Configuration Table Index Service Name Protocol Public Port Private IP Private Port ifno 1 game 6 80 192 168 1 11 10...

Page 574: ...Lines Space Bar Next Page Telnet Command srv nat showall This command allows users to view a summary of NAT port redirection setting open port and DMZ settings E Ex xa am mp pl le e srv nat showall Index Proto WAN IP Port Private IP Port Act R01 TCP 0 0 0 0 80 192 168 1 11 100 Y O01 TCP 0 0 0 0 23 83 192 168 1 100 23 83 Y D01 All 0 0 0 0 192 168 1 96 Y R Port Redirection O Open Ports D DMZ T Te el...

Page 575: ... newest 1 sys cmdlog 2 sys cmdlog 3 sys 4 sys cfg status 5 sys cfg T Te el ln ne et t C Co om mm ma an nd d s sy ys s f ft tp pd d This command displays current status of FTP server sys ftpd on sys ftpd off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on It means to turn on the FTP server of the system off It means to turn off the FTP server of the system E Ex xa am m...

Page 576: ...m mm ma an nd d s sy ys s i if fa ac ce e This command displays the current interface connection status UP or Down with IP address MAC address and Netmask for the router E Ex xa am mp pl le e sys iface Interface 0 Ethernet Status UP IP Address 192 168 1 1 Netmask 0xFFFFFF00 Private IP Address 0 0 0 0 Netmask 0xFFFFFFFF MAC 00 50 7F 00 00 00 Interface 4 Ethernet Status DOWN IP Address 0 0 0 0 Netma...

Page 577: ...Vigor2760 Series User s Guide 561 Interface 9 Ethernet Status DOWN IP Address 0 0 0 0 Netmask 0x00000000 MAC 00 50 7F 00 00 07 MORE q Quit Enter New Lines Space Bar Next Page ...

Page 578: ...me sys name wan1 wan2 ASCII string max 20 characters sys name wan1 wan2 clear Now wan1 drayrouter wan2 Note Such name can be used to recognize router s identification in SysLog dialog T Te el ln ne et t C Co om mm ma an nd d s sy ys s p pa as ss sw wd d This command allows users to set password for the administrator sys passwd ASCII string S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Param...

Page 579: ... xa am mp pl le e sys autoreboot on autoreboot is ON sys autoreboot 2 autoreboot is ON autoreboot time is 2 hour s T Te el ln ne et t C Co om mm ma an nd d s sy ys s c co om mm mi it t This command allows users to save current settings to FLASH Usually current settings will be saved in SRAM Yet this command will save the file to FLASH E Ex xa am mp pl le e sys commit T Te el ln ne et t C Co om mm ...

Page 580: ...Ex xa am mp pl le e sys qrybuf System Memory Status and Leakage List Buf sk_buff 200B used 1647 cached 30 Buf KMC4088 4088B used 0 cached 8 Buf KMC2552 2552B used 1641 cached 42 Buf KMC1016 1016B used 7 cached 1 Buf KMC504 504B used 8 cached 8 Buf KMC248 248B used 26 cached 22 Buf KMC120 120B used 67 cached 61 Buf KMC56 56B used 20 cached 44 Buf KMC24 24B used 58 cached 70 Dynamic memory 13107200B...

Page 581: ...sk for improving the triple play quality off It means to turn off the bridge task E Ex xa am mp pl le e sys britask on bridge task is ON now T Te el ln ne et t C Co om mm ma an nd d s sy ys s t tr r0 06 69 9 This command can set CPE settings for applying in VigorACS sys tr069 get parm option sys tr069 set parm value sys tr069 getnoti parm sys tr069 setnoti parm value sys tr069 log sys tr069 debug ...

Page 582: ...QUEST 7 7 TRANSFER COMPLETE 8 8 DIAGNOSTICS COMPLETE 9 M Reboot port port num It means to change tr069 listen port number cert_auth on off on turn on certificate based authentication off turn off certificate based authentication E Ex xa am mp pl le e sys tr069 get Int nextlevel Total number of parameter is 24 Total content length of parameter is 915 InternetGatewayDevice LANDeviceNumberOfEntries I...

Page 583: ... sip_alg 0 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 1 It means to turn on SIP ALG 0 It means to turn off SIP ALG E Ex xa am mp pl le e sys sip_alg usage sys sip_alg value 0 disable SIP ALG 1 enable SIP ALG current SIP ALG is disabled T Te el ln ne et t C Co om mm ma an nd d s sy ys s l li ic ce en ns se e This command can process the system license sys license lic...

Page 584: ... s d di ia ag g_ _l lo og g This command is used for RD debug sys diag_log status enable disable flush lineno w level x feature on off y log S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description status It means to show the status of diagnostic log enable It means to enable the function of diag_log disable It means to disenable the function of diag_log flush It means the flush ...

Page 585: ...0 00 02 DSL Status was switched firmwareReady 3 to Init 5 0 00 02 DSL Status was switched Init 5 to Restart 10 0 00 02 DSL Status was switched Restart 10 to FirmwareRequest 1 0 00 02 DSL Line state has changed 00000000 000000FF 0 00 02 DSL Entering VDSL2 mode 0 00 03 DSL modem code 05 04 08 00 00 06 0 00 05 DSL Status was switched FirmwareRequest 1 to firmwareReady 3 0 00 05 DSL Status was switche...

Page 586: ...o on n This command can enable UPnP function E Ex xa am mp pl le e upnp on UPNP start T Te el ln ne et t C Co om mm ma an nd d u up pn np p n na at t This command can display IGD NAT status E Ex xa am mp pl le e upnp nat IGD NAT Status 0 InternalClient 192 168 1 10 RemoteHost 0 0 0 0 InternalPort 21 ExternalPort 21 PortMapProtocol TCP The tmpvirtual server index 0 PortMapLeaseDuration 0 PortMapEna...

Page 587: ...nt1 UDN uuid 774e9bbe 7386 4128 b627 001daa843464 SERVICE TABLE2 serviceType urn schemas upnp org service WANCommonInterfaceConfig 1 serviceId urn upnp org serviceId WANCommonIFC1 SCPDURL upnp WComIFCX xml controlURL upnp control WANCommonIFC1 eventURL upnp event WANCommonIFC1 UDN uuid 2608d902 03e2 46a5 9968 4a54ca499148 T Te el ln ne et t C Co om mm ma an nd d u up pn np p s su ub bs sc cr ri ib...

Page 588: ...t t C Co om mm ma an nd d u up pn np p t tm mp pv vs s This command can display current status of temp Virtual Server of your router E Ex xa am mp pl le e Vigor upnp tmpvs Temp virtual server status 0 real_addr 192 168 1 10 pseudo_addr 172 16 3 229 real_port 0 pseudo_port 0 hit_portmap_index 0 The protocol TCP time 0 1 real_addr 0 0 0 0 pseudo_addr 0 0 0 0 real_port 0 pseudo_port 0 hit_portmap_ind...

Page 589: ...t C Co om mm ma an nd d v vi ig gb br rg g o on n This command can make the router to be regarded as a modem but not a router E Ex xa am mp pl le e vigbrg on Enable Vigor Bridge Function T Te el ln ne et t C Co om mm ma an nd d v vi ig gb br rg g o of ff f This command can disable vigor bridge function E Ex xa am mp pl le e vigbrg off Disable Vigor Bridge Function T Te el ln ne et t C Co om mm ma ...

Page 590: ... command is used to enable the bridge WAN1 management E Ex xa am mp pl le e vigbrg wan1on Enable Vigor Bridge Wan1 management T Te el ln ne et t C Co om mm ma an nd d v vi ig gb br rg g w wa an n1 1o of ff f This command is used to disable the bridge WAN1 management E Ex xa am mp pl le e vigbrg wan1off Disable Vigor Bridge Wan1 management T Te el ln ne et t C Co om mm ma an nd d v vp pn n l l2 2l ...

Page 591: ...l le e VPN l2lset 1 peerid 10226 T Te el ln ne et t C Co om mm ma an nd d v vp pn n l l2 2l lD Dr ro op p This command allows users to terminate current LAN to LAN VPN connection E Ex xa am mp pl le e vpn l2lDrop T Te el ln ne et t C Co om mm ma an nd d v vp pn n d di in ns se et t This command allows users to configure setting for remote dial in VPN profile vpn dinset list index vpn dinset list i...

Page 592: ... Idle Timeout 300 sec vpn dinset 1 on set profile active vpn dinset 1 motp on Enable Mobile OTP mode vpn dinset 1 pin_secret 1234 e759bb6f0e94c7ab4fe6 vpn dinset 1 Dial in profile index 1 Profile Name Status Active Mobile OTP Enabled PIN 1234 Secret e759bb6f0e94c7ab4fe6 Idle Timeout 300 sec T Te el ln ne et t C Co om mm ma an nd d v vp pn n s su ub bn ne et t This command allows users to specify a...

Page 593: ...usr pwd key nip nmask S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description For PPTP Dial Out index It means the index number of the profile name It means the name of the profile ip It means the IP address to dial to usr pwd It means the user and the password required for the PPTP connection nip nmask It means the remote network IP and the mask e g vpn setup 1 name1 pptp_out 1...

Page 594: ...and the password required for the PPTP L2TP connection key It means the value of IPsec Pre Shared Key nip nmask It means the remote network IP and the mask e g vpn setup 1 name1 dialin 1 2 3 4 vigor 1234 abc 192 168 1 0 255 255 255 0 E Ex xa am mp pl le e vpn setup 1 name1 dialin 1 2 3 4 vigor 1234 abc 192 168 1 0 255 255 255 0 Profile Change Log Profile Index 1 Profile Name name1 Username vigor P...

Page 595: ...nction to pass the packet off Disable the function to block the packet dir It means the call direction Available settings are b o and i b Both o Dial Out i Dial In idle value It means Always on and Idle Time out Available values include 1 it means always on for dial out 0 it means always on for dial in Other numbers e g idle 200 idle 300 idle 500 mean the router will be idle after the interval sec...

Page 596: ...to set IKE Pre Shared Key abcd ometh It means IPSec Security Method ometh ah means AH ometh espd espda means ESP DES without with Authentication ometh esp3 esp3a means ESP 3DES without with Authentication ometh espa espaa means ESP AES without with Authentication sch It means Index 1 15 in Schedule Setup sch 1 3 5 7 Set schedule 1 3 5 7 ikemode It means IKE phase 1 mode ikemode m means IKE phase 1...

Page 597: ...P Settings mywip It means My WAN IP mywip 1 2 3 4 means to set My WAN IP as 1 2 3 4 rgip It means Remote Gateway IP rgip 1 2 3 4 means to set Remote Gateway IP as 1 2 3 4 rnip It means Remote Network IP rnip 1 2 3 0 means to set Remote Network IP as 1 2 3 0 rnmask It means Remote Network Mask rnmask 255 255 255 0 means to set Remote Network Mask as 255 255 255 0 rip It means RIP Direction rip d me...

Page 598: ...ex number of the profile Available index numbers 1 32 network ip mask Type the IP address with the network mask address E Ex xa am mp pl le e vpn mroute 1 add 192 168 5 0 24 192 168 5 0 24 Add new route 192 168 5 0 24 to profile 1 T Te el ln ne et t C Co om mm ma an nd d v vp pn n l li is st t This command allows users to view LAN to LAN VPN profiles vpn list index all vpn list index com vpn list ...

Page 599: ...ps Username Password PPP Authentication PAP CHAP VJ Compression on Pre Shared Key IPSec Security Method AH Schedule 0 0 0 0 Remote Callback off Provide ISDN Number off IKE phase 1 mode Main mode IKE Local ID Dial In Settings MORE q Quit Enter New Lines Space Bar Next Page vpn list 1 com Common Settings Profile Name Profile Status Disable Netbios Naming Packet Pass Call Direction Both Idle Timeout ...

Page 600: ...on on off It means to enable or disable second subnet E Ex xa am mp pl le e vpn 2ndsubnet on Enable second subnet IP as VPN server IP T Te el ln ne et t C Co om mm ma an nd d v vp pn n N Ne et tB Bi io os s This command allows users to enable or disable NetBios for Remote Access User Accounts or LAN to LAN Profile vpn NetBios set H2l L2l index Block Pass S Sy yn nt ta ax x D De es sc cr ri ip pt t...

Page 601: ... nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show It means to display current setting status default TCP maximum segment size for all the VPN connection will be set as 1360 bytes set Use it to specify the connection type and value of MSS connection type 1 4 represent various type 1 PPTP 2 L2TP 3 IPSec 4 L2TP over IPSec TCP maximum segment size range Each type has different s...

Page 602: ...2l index Block Pass S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description H2l L2l H2l means Host to LAN Remote Access User Accounts L2l means LAN to LAN Profile index The index number of the profile Block Pass Set Block Pass the Multicast Packets The default is Block E Ex xa am mp pl le e vpn Multicast set L2l 1 Pass Lan to Lan Profile Index 1 Status Block Pass PASS T Te el ln...

Page 603: ...T E Ex xa am mp pl le e vpn pass2nat on Packets would go through by NAT when VPN disconnect T Te el ln ne et t C Co om mm ma an nd d w wa an n p pp pp p_ _m mr ru u This command allows users to adjust the size of PPP LCP MRU It is used for specific network wan ppp_mru WAN interface number MRU siz S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description WAN interface number Type a...

Page 604: ...tu Static IP DHCP Max MSS 1500 PPPoE Max MSS 1492 PPTP L2TP Max MSS 1460 wan ppp_mss MSS size 1000 1500 Now 1100 T Te el ln ne et t C Co om mm ma an nd d w wa an n D DF F_ _c ch he ec ck k This command allows you to enable or disable the function of DF Don t fragment wan DF_check on wan DF_check off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on off It means to enabl...

Page 605: ...wan forward WAN forwarding is Disable wan forward on WAN forwarding is enable T Te el ln ne et t C Co om mm ma an nd d w wa an n s st ta at tu us s This command allows you to display the status of WAN connection including connection mode TX RX packets DNS settings and IP address E Ex xa am mp pl le e wan status WAN1 Offline stall N Mode Up Time 00 00 00 IP GW IP TX Packets 0 TX Rate Bps 0 RX Packe...

Page 606: ... Adsl_only E Ex xa am mp pl le e wan vdsl show basic ADSL Link Status TRAINING Firmware Version 05 04 04 04 00 01 ADSL Profile Basic Status Upstream Downstream Unit Actual Data Rate 0 0 Kb s SNR 0 0 0 1dB wan vdsl fbk_mode vdsl_only Set VDSL fallback mode to VDSL ONLY Reboot system to take effect T Te el ln ne et t C Co om mm ma an nd d w wa an n d de et te ec ct t This command allows you to Ping ...

Page 607: ...AN1 always on WAN2 off WAN3 off WAN4 off WAN5 off wan detect wan1 target 192 168 1 78 Set OK wan detect wan1 on Set OK wan detect status WAN1 on Target 192 168 1 78 TTL 255 WAN2 off WAN3 off WAN4 off WAN5 off T Te el ln ne et t C Co om mm ma an nd d w wa an n l lb b This command allows you to Enable Disable for each WAN to join auto load balance member wan lb wan1 wan2 on wan lb wan1 wan2 off S Sy...

Page 608: ...splay the whole Bridge status save It means to save the configuration into flash of Vigor router enable disable It means to enable disable the Multi VLAN function on off It means to turn on off bridge mode for the specific channel clear It means to clear tag tag_no It means to tag a number for the VLAN 1 No need to add tag number 1 4095 Available setting numbers used as tagged number service type ...

Page 609: ...De es sc cr ri ip pt ti io on n Parameter Description channel There are 4 channels including VLAN and PVC Available settings are 1 Channel 1 3 Channel 3 4 Channel 4 5 Channel 5 WAN interface Type a number to indicate the WAN interface 1 WAN1 status It means to display current bridge status E Ex xa am mp pl le e wan multifno 5 1 Configured channel 5 uplink to WAN1 wan multifno status Channel 3 upli...

Page 610: ...SSID3 and SSID4 add MAC ssid1 ssid2 ssid3 ssid4 isolate It means to associate a MAC address to certain SSID interfaces access control settings The isolate setting will limit the wireless client s network capabilities to accessing the wireless LAN only MAC format xx xx xx xx xx xx or xx xx xx xx xx xx or xx xx xx xx xx xx del MAC It means to delete a MAC address entry defined in the access control ...

Page 611: ...um enable upload download wl config isolate ssid_num lan member S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description mode value It means to select connection mode for wireless connection Available settings are 11bgn 11gn 11n 11bg 11g or 11b mode show It means to display what the current wireless mode is channel number It means the channel of frequency of the wireless LAN The ...

Page 612: ...P 802 1x Only wpapsk WPA PSK wpa2psk WPA2 PSK wpamixpsk Mixed WPA WPA2 PSK wep WEP key index Moreover you have to add keys for wpapsk wpa2psk wpamixpsk and wep and specify index number of schedule profiles to be followed by the wireless connection WEP keys must be in 5 13 ASCII text string or 10 26 Hexadecimal digit format WPA keys must be in 8 63 ASCII text string or 64 Hexadecimal digit format r...

Page 613: ...t Telnet Command wl restart T Te el ln ne et t C Co om mm ma an nd d w wl l s se et t This command allows users to configure basic wireless settings wl set SSID CHAN En wl set txburst enable S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description SSID It means to type the SSID for the router The maximum character that you can use is 32 CHAN En It means to specify required channe...

Page 614: ...command allows users to activate the function of VPN isolation wl iso_vpn ssid En S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description ssid It means the number of SSID 1 SSID1 2 SSID2 3 SSID3 4 SSID4 En It means to enable or disable the function of VPN isolation 0 disable 1 enable E Ex xa am mp pl le e wl iso_vpn 1 on ssid 1 isolate vpn on 1 T Te el ln ne et t C Co om mm ma a...

Page 615: ...r queues best effort background voice and video Aifsn It controls how long the client waits for each data transmission Cwmin Cwmax CWMin means contention Window Min and CWMax means contention Window Max Specify the value ranging from 1 to 15 Txop It means transmission opportunity Specify the value ranging from 0 to 65535 ACM It can restrict stations from using specific category class if it is enab...

Page 616: ...ield value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description wl ht bw value The value you can type is 0 for BW_20 and 1 for BW_40 wl ht gi value The value you can type is 0 for GI_800 and 1 for GI_4001 wl ht badecline value The value you can type is 0 for disabling and 1 for enabling wl ht autoba value The value you can type is 0 for disabling and 1 for enabling wl ht rdg ...

Page 617: ... t C Co om mm ma an nd d w wl l b bt tn nc ct tl l This command allows you to enable or disable wireless button control wl btnctl value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description value 0 disable 1 enable E Ex xa am mp pl le e wl btnctl 1 Enable wireless botton control Current wireless botton control is on T Te el ln ne et t C Co om mm ma an nd d w wl l e ef fu us se...

Page 618: ... Pri Tag Enabled WAN1 ADSL 0 0 WAN1 VDSL 0 0 WAN2 0 0 T Te el ln ne et t C Co om mm ma an nd d w wo ol l This command allows Administrator to set the white list of WAN IP addresses Subnets that the magic packet from these IP addresses Subnets will be eligible to pass through NAT and wake up the LAN client You also need to set NAT rule for LAN client wol up MAC Address IP Address wol fromWan on off...

Page 619: ...to the LAN network from a specific WAN interface idx ip address mask It means the index number from 1 to 4 These commands will allow the user to configure the LAN clients that the user may wake up from the Internet through the use of the WoL packet ip address It means the WAN IP address mask It means the mask of the IP address E Ex xa am mp pl le e wol fromWan on wol fromWan_Setting 1 192 168 1 45...