Draytek Vigor2800 Series, User Manual

Page 1: ...em or translated into any language without written permission from the copyright holders The scope of delivery and other details are subject to change without prior notice Microsoft is a registered trademark of Microsoft Corp Windows Windows 95 98 Me NT 2000 XP and Explorer are trademarks of Microsoft Corp Apple and Mac OS are registered trademarks of Apple Computer Inc Other products may be trade...

Page 2: ...Vigor2800 Series User s Guide ii ...

Page 3: ... 2 PPPoE PPPoA 10 2 2 3 Bridged IP 11 2 2 4 Routed IP 13 2 3 Online Status 14 2 4 Saving Configuration 15 3 AdvancedWebConfiguration 17 3 1 Internet Access 17 3 1 1 Basics of Internet Protocol IP Network 17 3 1 2 PPPoE PPPoA 18 3 1 3 MPoA 20 3 1 4 Multi PVCs 22 3 2 LAN 23 3 2 1 Basics of LAN 23 3 2 2 General Setup 25 3 2 3 Static Route 27 3 2 4 VLAN Rate Control 31 3 3 NAT 32 3 3 1 Port Redirectio...

Page 4: ... Certificate 81 3 8 VoIP 82 3 8 1 DialPlan 84 3 8 2 SIP Accounts 86 3 8 3 Phone Settings 90 3 8 4 Status 93 3 9 WLAN 94 3 9 1 Basic Concepts 94 3 9 2 General Settings 96 3 9 3 Security 98 3 9 4 Access Control 100 3 9 5 Station List 101 3 10 System Maintenance 102 3 10 1 System Status 102 3 10 2 Administrator Password 103 3 10 3 Configuration Backup 103 3 10 4 Syslog Mail Alert 105 3 10 5 Time and ...

Page 5: ... to Peer Calling 133 4 6 Upgrade Firmware for Your Router 134 4 7 Request a certificate from a CA server on Windows CA Server 136 4 8 Request a CA Certificate and Set as Trusted on Windows CA Server 139 5 Trouble Shooting 143 5 1 Checking If the Hardware Status Is OK or Not 143 5 2 Checking If the Network Connection Settings on Your Computer Is OK or Not 143 5 3 Pinging the Router from Your Comput...

Page 6: ......

Page 7: ...ating packets user configurable web filtering for parental control against network abuse etc Vigor2800 series is embedded with an 802 11g compliant wireless module which provides wireless LAN access with data rate as much as 108Mpbs SuperG As for data privacy of wireless network the Vigor2800 series can encode all transmissions data with standard WEP and industrial strength WPA2 IEEE 802 11i encry...

Page 8: ...er is ready Orange A normal 10Mbps connection is through its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN P1 P2 P3 P4 Blinking Ethernet packets are transmitting C Co on nn ne ec ct to or r E Ex xp pl la an na at ti io on n Interface Description Printer Connecter for a USB printer PWR Connecter for a power adapter with 12 15VDC ON OFF Power Switch LAN P...

Page 9: ...ed off DSL On The ADSL ADSL2 2 line is connected Printer On The USB interface printer is ready Orange A normal 10Mbps connection is through its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN P1 P2 P3 P4 Blinking Ethernet packets are transmitting C Co on nn ne ec ct to or r E Ex xp pl la an na at ti io on n Interface Description Printer Connecter for a US...

Page 10: ...ing port Green A normal 100Mbps connection is through its corresponding port LAN P1 P2 P3 P4 Blinking Ethernet packets are transmitting C Co on nn ne ec ct to or r E Ex xp pl la an na at ti io on n Interface Description Printer Connecter for a USB printer PWR Connecter for a power adapter with 12 15VDC ON OFF Power Switch FXS2 FXS1 Connecters for telephone set and analog phone with VoIP communicat...

Page 11: ... 10Mbps connection is through its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN P1 P2 P3 P4 Blinking Ethernet packets are transmitting C Co on nn ne ec ct to or r E Ex xp pl la an na at ti io on n Interface Description Printer Connecter for a USB printer PWR Connecter for a power adapter with12 15VDC ON OFF Power Switch FXS2 FXS1 Connecters for telephon...

Page 12: ...Cs directly 3 Connect one end of the power cord to the power port of this device Connect the other end to the wall outlet of electricity 4 Connect the telephone sets with phone lines for using VoIP function For the user of the model without VoIP ports skip this step 5 Power on the router 6 Check the ACT LED to assure network connections For the detailed information of LED status please refer to se...

Page 13: ...password for this device you have to access into the web browse with default password first 1 Make sure your computer connects to the router correctly Notice You may either simply set up your computer to get IP dynamically from the router or set up the IP address of the computer to be the same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to...

Page 14: ...er the login password the default is blank on the field of Old Password Type a new one in the field of New Password and retype it on the field of Retype New Password Then click OK to continue 6 Now the password has been changed Next time use the new password to access the Web Configurator for this router ...

Page 15: ...r to access the Internet with different protocol modes such as PPPoE PPPoA Bridged IP or Routed IP The router supports the DSL WAN interface for Internet access Now you have to select an appropriate WAN connection type for connecting to the Internet through this router according to the settings that your ISP provided VPI Stands for Virtual Path Identifier It is an 8 bit header inside each ATM cell...

Page 16: ...DNS Second DNS Assign an IP address to the secondary DNS 2 2 2 2 2 2 P PP PP Po oE E P PP PP Po oA A PPPoE stands for Point to Point Protocol over Ethernet It relies on two widely accepted standards PPP and Ethernet It connects users through an Ethernet to the Internet with a common broadband medium such as a single DSL line wireless device or cable modem All the users over the Ethernet can share ...

Page 17: ...ype in the value unit is second as the idle timeout of the connection When the time is expired the internet connection will be dropped immediately Click Next for viewing summary of such connection Click Finish The online status of this protocol will be shown as below 2 2 2 2 3 3 B Br ri id dg ge ed d I IP P Click 1483 Bridged IP as the protocol Type in all the information that your ISP provides fo...

Page 18: ...Vigor2800 Series User s Guide 12 After finishing the settings in this page click Next to see the following page Click Finish The online status of this protocol will be shown as below ...

Page 19: ...d I IP P Click 1483 Routed IP as the protocol Type in all the information that your ISP provides for this protocol After finishing the settings in this page click Next to see the following page Click Finish The online status of this protocol will be shown as below ...

Page 20: ...us shows the system status WAN status ADSL Information and other status related to this router within one page If you select PPPoE or PPPoA as the protocol you will find out a button of Dial PPPoE or Dial PPPoE in the Online Status web page Online status for PPPoA PPPoE Online status for Bridge ...

Page 21: ...e interface TX Blocks Displays the total number of transmitted ATM Blocks RX Blocks Displays the total number of received ATM Blocks Corrected Blocks Displays the total l number of received ATM Blocks corrupted but corrected Uncorrected Blocks Displays the total number of received ATM Blocks corrupted but uncorrected Mode Displays the modulation mode used G DMT G Lite or T1 413 State Displays the ...

Page 22: ...Vigor2800 Series User s Guide 16 Ready indicates the system is ready for you to input settings Settings Saved means your settings are saved once you click Finish or OK button ...

Page 23: ...further protect its LAN it interconnects groups of host PCs Each of them has a private IP address assigned by the built in DHCP server of the Vigor router The router itself will also use the default private IP address 192 168 1 1 to communicate with the local hosts Meanwhile Vigor router will communicate with other network devices through a public IP address When the data flow passing through the ...

Page 24: ...ccess menu The following web page will be shown PPPoE PPPoA Client Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid DSL Modem Settings Set up the DSL parameters required by your ISP These are vital for building DSL connection to your ISP Multi PVC channel The selections displayed here are...

Page 25: ...field Password Type in the password provided by ISP in this field PPP Authentication Select PAP only or PAP or CHAP for PPP Always On Check this box if you want the router keeping connecting to Internet forever Idle Timeout Set the timeout for breaking down the Internet after passing through the time without any action IP Address From ISP Usually ISP dynamically assigns IP address to you each time...

Page 26: ...s for the router manually Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page and you can use the number that you have set in that web page After finishing all the settings here please click OK to activate them 3 3 1 1 3 3 M MP Po oA A MPoA is a specification that enables ATM services to b...

Page 27: ...n the value provided by ISP VCI Type in the value provided by ISP RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables information Click Enable RIP for activating this function Bridge Mode If you choose Bridged IP as the protocol you can check this box to invoke the function The router will work as a bridge modem WAN IP Network Sett...

Page 28: ...ss or specify another MAC address for your necessity MAC Address Type in the MAC address for the router manually DNS Server IP Address Type in the primary IP address for the router If necessary type in secondary IP address for necessity in the future After finishing all the settings here please click OK to activate them 3 3 1 1 4 4 M Mu ul lt ti i P PV VC Cs s This router allows you to create mult...

Page 29: ...ter The design of network structure is related to what type of public IP addresses coming from your ISP 3 3 2 2 1 1 B Ba as si ic cs s o of f L LA AN N The most generic function of Vigor router is NAT It creates a private subnet of your own As mentioned previously the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private I...

Page 30: ...h ha at t i is s R Ro ou ut ti in ng g I In nf fo or rm ma at ti io on n P Pr ro ot to oc co ol l R RI IP P Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing This allows users to change the information of the router such as IP address and the routers will automatically inform for each other W Wh ha at t i is s S St ta at ti ic c R Ro ou ...

Page 31: ...e provides you the general settings for LAN Click LAN to open the LAN settings page and choose General Setup 1st IPAddress Type in private IP address for connecting to a local private network Default 192 168 1 1 1st Subnet Mask Type in an address code that determines the size of the network Default 255 255 255 0 24 For IP Routing Usage Click Enable to invoke this function The default setting is Di...

Page 32: ...IP address from above pool Set a list of MAC Address for 2nd DHCP server will help router to assign the correct IP address of the correct subnet to the correct host So those hosts in 2nd subnet won t get an IP address belonging to 1st subnet RIP Protocol Control Disable deactivates the RIP protocol It will lead to a stoppage of the exchange of routing information between routers Default 1st Subnet...

Page 33: ...NS stands for Domain Name System Every Internet host must have a unique IP address also they may have a human friendly easy to remember name such as www yahoo com The DNS server converts the user friendly name into its equivalent IP address Primary IPAddress You must specify a DNS server IP address here because your ISP should provide you with usually more than one DNS Server If your ISP does not ...

Page 34: ...ic c N Ne et tw wo or rk ks s Here is an example of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router Assuming the Internet access has been configured and the router works properly use the Main Router to surf the Internet create a private subnet 192 168 10 0 using an internal Router A 192 168 1 2 create a public subnet 211 1...

Page 35: ...at those hosts on the internal private subnets ex 192 168 10 0 24 can access the Internet via the router and continuously exchange of IP routing information with different subnets 2 Click the LAN Static Route and click on the Index Number 1 Please add a static route as shown below which regulates all packets destined to 192 168 10 0 will be forwarded to 192 168 1 2 Click OK 3 Return to Static Rout...

Page 36: ...t the index number of the one that you want to delete 2 Select Empty Clear from the drop down menu and then click the OK button to delete the route D De ea ac ct ti iv va at te e S St ta at ti ic c R Ro ou ut te e 3 Go to LAN page and click Static Route to open the web page Select the index number of the one that you want to delete 4 Select Inactive Disable from the drop down menu and then click t...

Page 37: ... you check the box For example if you check the boxes of VLAN0 P1 and VLAN1 P1 you can make P1 to be grouped under VLAN0 and VLAN1 simultaneously VLAN0 3 This router allows you to set 4 groups of virtual LAN Enable Check this box to enable this function for Rate Control The rate control will limit the transmission rate for data in and out Check the corresponding boxes to enable the rate control fu...

Page 38: ...lect the available public port and then forward it At the same time the router shall list an entry in a table to memorize this address port mapping relationship When the public server response the incoming traffic of course is destined to the router s public IP address and the router will do the inversion based on its table Therefore the internal host can communicate with external host smoothly Th...

Page 39: ...cal network LAN such as web servers FTP servers E mail servers etc Most of the case you need a public IP address for each server and this public IP address domain name are recognized by all users Since the server is actually located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of Port Redirection function is to forward all ac...

Page 40: ...defined Note that the router has its own built in services servers such as Telnet HTTP and FTP etc Since the common port numbers of these services servers are all the same you may need to reset the router s in order to avoid confliction For example the built in web configurator in the router is with default port 80 which may conflict with the web server in the local network http 192 168 1 13 80 Th...

Page 41: ... Protocols 50 ESP and 51 AH do not travel on a fixed port Vigor router provides a facility DMZ Host that maps ALL unsolicited data on any protocol to a single host in the LAN Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually he...

Page 42: ...Aux WAN IP list for your selection Enable Check to enable the DMZ Host function Private IP Enter the private IP address of the DMZ host or click Choose PC to select one Choose PC Click this button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DM...

Page 43: ...o offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network service Aux WAN IP Display the private IP address of the local host that you specify in WAN Alias If you did not specify any IP address in WAN Alias this item will not be shown Local IP Address Display the private IP address of the ...

Page 44: ...he private IP address of the local host or click Choose PC to select one Choose PC Click this button and subsequently a window having a list of private IP addresses of local hosts will automatically pop up Select the appropriate IP address of the local host in the list Protocol Specify the transport layer protocol It could be TCP UDP or none for selection Start Port Specify the starting port numbe...

Page 45: ...the router to build an unwanted outgoing connection The most basic security concept is to set user name and password while you install your router The administrator login will prevent unauthorized access to the router configuration from your router If you did not set password during installation you can go to System Maintenance to set up your password F Fi ir re ew wa al ll l F Fa ac ci il li it t...

Page 46: ...packets according to the filter rules If legal the packet will pass the router The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively S St ta at te ef fu ul l P Pa ac ck ke et t I In ns sp pe ec ct ti io on n S SP PI I Stateful inspection is a firewall architecture that works at the network layer Unlike legacy static packet f...

Page 47: ...er The below shows the attack types that DoS DDoS defense function can detect 1 SYN flood attack 2 UDP flood attack 3 ICMP flood attack 4 TCP Flag scan 5 Trace route 6 IP options 7 Unknown protocol 8 Land attack 9 Smurf attack 10 SYN fragment 11 ICMP fragment 12 Tear drop attack 13 Fraggle attack 14 Ping of Death attack 15 TCP UDP port scan C Co on nt te en nt t F Fi il lt te er ri in ng g To prov...

Page 48: ...ories This database is updated as frequent as daily by a global team of Internet researchers The server will look up the URL and return a category to your router Your Vigor router will then decide whether to allow access to this site according to the categories you have selected Please note that this action will not introduce any delay in your Web surfing because each of multiple load balanced dat...

Page 49: ... type the log f command Some on line games for example Half Life will use lots of fragmented UDP packets to transfer game data Instinctively as a secure firewall Vigor router will reject these fragmented packets to prevent attack unless you enable Accept Incoming Fragmented UDP Packets By checking this box you can play these kinds of on line games If security concern is in higher priority you cann...

Page 50: ...e next filter set to be executed after the current filter run Do not make a loop with many filter sets To edit Filter Rule click the Filter Rule index button to enter the Filter Rule setup page Comments Enter filter set comments description Maximum length is 14 character long Check to enable the Filter Rule Check this box to enable the filter rule Pass or Block Specifies the action to be taken whe...

Page 51: ...e Start Port and the End Port column will be ignored The filter rule will filter out any port number If the End Port is empty the filter rule will set the port number to be the value of the Start Port Otherwise the port number ranges between the Start Port and the End Port including the Start Port and the End Port If the End Port is empty the port number is not equal to the value of the Start Port...

Page 52: ... defined After that in General Setup you may specify one set for call filter and one set for data filter to execute first 3 3 4 4 4 4 I IM M B Bl lo oc ck ki in ng g IM Blocking means instant messenger blocking Click Firewall and click IM Blocking to open the setup page You will see a list of common IM such as MSN Yahoo ICQ AQL applications Check Enable IM Blocking and select the one s that you wa...

Page 53: ...To block selected P2P applications during specific periods enter the number of the scheduler predefined in Applications Schedule Action Specify the action for each protocol Allow Allow the client to access into the application through the specified protocol Disallow Forbid the client to access into the application through the specified protocol Disallow upload Forbid the client to access into the ...

Page 54: ...to 50 packets per second and 10 seconds respectively Enable UDP flood defense Check the box to activate the UDP flood defense function Once detecting the Threshold of the UDP packets from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent UDP packets for a period defined in Timeout The default setting for threshold and timeout are 150 packets...

Page 55: ...N flag and more fragment bit set Block Fraggle Attack Check the box to activate the Block fraggle Attack function Any broadcast UDP packets received from the Internet is blocked Activating the DoS DDoS defense functionality might block some legal packets For example when you activate the fraggle attack defense all broadcast UDP packets coming from the Internet are blocked Therefore the RIP packets...

Page 56: ...lient All the warning messages related to DoS defense will be sent to user and user can review it through Syslog daemon Look for the keyword DoS in the message followed by a name to indicate what kind of attacks is detected 3 3 4 4 7 7 U UR RL L C Co on nt te en nt t F Fi il lt te er r Based on the list of user defined keywords the URL Content Filter facility in Vigor router inspects the URL strin...

Page 57: ... or a complete URL string Multiple keywords within a frame are separated by space comma or semicolon In addition the maximal length of each frame is 32 character long After specifying keywords the Vigor router will decline the connection request to the website whose URL string matched to any user defined keyword It should be noticed that the more simplified the blocking keyword list the more effic...

Page 58: ...he cookie transmission from inside to outside world to protect the local user s privacy Proxy Check the box to reject any proxy transmission To control efficiently the limited bandwidth usage it will be of great value to provide the blocking mechanism that filters out the multimedia files downloading from web pages Accordingly files with the following extensions will be blocked by the Vigor router...

Page 59: ... router is online you will be able to use the registered domain name to access the router or internal virtual servers from the Internet It is particularly helpful if you host a web server FTP server or other server behind the router Before you use the Dynamic DNS feature you have to apply for free DDNS service to the DDNS service providers The router provides up to three accounts from three differ...

Page 60: ...number 1 to add an account for the router Check Enable Dynamic DNS Account and choose correct Service Provider dyndns org type the registered hostname hostname and domain name suffix dyndns org in the Domain Name block The following two blocks should be typed your account Login Name test and Password test Enable Dynamic DNS Account Check this box to enable the current account If you did check the ...

Page 61: ...ule the router to dialup to the Internet at a specified time but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours say business hours The schedule is also applicable to other functions You have to set your time before set schedule In System Maintenance Time and Date menu press Inquire Time button to set the Vigor router s clock to cu...

Page 62: ...ed in Idle Timeout field Disable Dial On Demand Specify the connection to be up when it has traffic on the line Once there is no traffic over idle timeout the connection will be down and never up again during the schedule Idle Timeout Specify the duration or period for the schedule How often Specify how often the schedule will be applied Once The schedule will be applied just once Weekdays Specify...

Page 63: ...d by Internet service providers It is the most common method of authenticating and authorizing dial up and tunneled network users The built in RADIUS client feature enables the router to assist the remote dial in user or a wireless station and the RADIUS server in performing mutual authentication It enables centralized remote access authentication for network management Enable Check to enable RADI...

Page 64: ...Messenger to allow full use of the voice video and messaging features Enable UPNP Service Accordingly you can enable either the Connection Control Service or Connection Status Service After setting Enable UPNP Service setting an icon of IP Broadband Connection on Router on Windows XP Network Connections will appear The connection status and control status will be able to be activated The NAT Trave...

Page 65: ...vi ic ce e Deploying QoS Quality of Service management to guarantee that all applications receive the service levels required and sufficient bandwidth to meet performance expectations is indeed one important aspect of modern enterprise network One reason for QoS is that numerous TCP based applications tend to continually increase their transmission rate and consume all available bandwidth which is...

Page 66: ...h DS node in these domains will perform the priority treatment This is called per hop behavior PHB The definition of PHB includes Expedited Forwarding EF Assured Forwarding AF and Best Effort BE AF defines the four classes of delivery or forwarding classes and three levels of drop precedence in each class Vigor routers as edge routers of DS domain shall check the marked DSCP value in the IP header...

Page 67: ...eed and reserved bandwidth to downstream speed Setup There are two level of settings Basic setup Reserved Bandwidth Ratio according to the traffic service type We provide a list of common service types Advance custom setting of Reserved Bandwidth Ratio based on the source address destination address DiffServ CodePoint and service type Enable UDP Bandwidth Control Check this and set the limited ban...

Page 68: ...n advanced configuration for each index number You can insert move edit or delete select rule in this page For inserting a rule click Insert to open the following page SrcEdit allows you to edit source address information DestEdit allows you to edit destination address information If you click one of the buttons you will see the following dialog From the Address Type drop down list please choose o...

Page 69: ...type by the system Please assign one of the levels of the data for processing with QoS control Service Type It determines the service type of the data for processing with QoS control It can also be edited Simply click Add Edd Delete button to access into the following page You can add a new service name for your necessity Also you can Edit Delete to change the one that you added before ...

Page 70: ...send data between two computers across a shared or public network in a manner that emulates the properties of a point to point private link Below shows the menu items for VPN and Remote Access 3 3 6 6 1 1 R Re em mo ot te e A Ac cc ce es ss s C Co on nt tr ro ol l Enable the necessary VPN service as you need If you intend to run a VPN server inside your LAN you should disable the VPN service of Vi...

Page 71: ...m In addition the remote dial in user will use 40 bit to perform encryption prior to using 128 bit for encryption In other words if 1280 bit MPPE encryption method is not available then 40 bit encryption scheme will be applied to encrypt the data Maximum MPPE This option indicates that the router will use the MPPE encryption scheme with maximum bits 128 bits to encrypt the data Mutual Authenticati...

Page 72: ... add the AH ESP payload and use original IP header to encapsulate the data payload only It can just apply to local packet e g L2TP over IPSec The Tunnel mode will not only add the AH ESP payload but also use a new IP header Tunneled IP header to encapsulate the whole original IP packet Authentication Header AH provides data authentication and integrity for IP packets passed between VPN peers This ...

Page 73: ...ection or Remote User Dial In connection here you may edit a table of peer certificate for selection As shown below the router provides 32 entries of digital certificates for peer dial in users Set to Factory Default Click it to clear all indexes Index Click the number below Index to access into the setting page of IPSec Peer Identity Name Display the profile name of that index Next Click this lin...

Page 74: ...h matching value The field includes Country C State ST Location L Organization O Organization Unit OU Common Name CN and Email E 3 3 6 6 5 5 R Re em mo ot te e U Us se er r P Pr ro of fi il le es s You can manage remote access by maintaining a table of remote user profile so that users can be authenticated to dial in or build the VPN connection You may set parameters including specified connection...

Page 75: ...mpty Status Display the access state of the specific dial in user The symbol V and X represent the specific dial in user to be active and inactive respectively Next Click this link to access into next page for setting more accounts Click each index to edit one remote user profile Each Dial In Type requires you to fill the different corresponding fields on the right If the fields gray out it means ...

Page 76: ...Sec Tunnel Allow the remote dial in user to trigger a IPSec VPN connection through Internet L2TP Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPSec Select from below None Do not apply the IPSec policy Accordingly the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection Nice to Ha...

Page 77: ...h Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES Local ID Specify a local ID to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can be used only in IKE aggressive mode Callback Function The callback function provides a callba...

Page 78: ... that the profile is empty Status Indicate the status of individual profiles The symbol V and X represent the profile to be active and inactive respectively Click each index to edit each profile and you will get the following page Each LAN to LAN profile includes 4 subgroups If the fields gray out it means you may leave it untouched The following explanations will guide you to fill all the necessa...

Page 79: ...e connection has been idled over the value the router will drop the connection Enable PING to keep alive This function is to help the router to determine the status of IPSec VPN connection especially useful in the case of abnormal VPN IPSec tunnel disruption For details please refer to the note below Check to enable the transmission of PING packets to a specified IP address PING to the IP Enter th...

Page 80: ...c policy can be viewed as one pure L2TP connection Nice to Have Apply the IPSec policy first if it is applicable during negotiation Otherwise the dial out VPN connection becomes one pure L2TP connection Must Specify the IPSec policy to be definitely applied on the L2TP connection User Name This field is applicable when you select PPTP or L2TP w or w out IPSec policy above Password This field is ap...

Page 81: ...e since more exchanges are done in a secure channel to set up the IPSec session However the Aggressive mode is faster The default value in Vigor router is Main mode IKE phase 1 proposal To propose the local available authentication schemes and encryption algorithms to the VPN peers and get its feedback to find a match Two combinations are available for Aggressive mode and nine for Main mode We sug...

Page 82: ... for the connection afterwards Provide ISDN Number to Remote In the case that the remote peer requires the Vigor router to callback the local ISDN number will be provided to the remote peer Check here to allow the Vigor router to send the ISDN number to the remote router This feature is useful for i model only Allowed Dial In Type Determine the dial in connection with different types ISDN Allow th...

Page 83: ...u select PPTP or L2TP w or w out IPSec policy above Password This field is applicable when you select PPTP or L2TP w or w out IPSec policy above VJ Compression VJ Compression is used for TCP IP protocol header compression This field is applicable when you select PPTP or L2TP w or w out IPSec policy above IKE Authentication Method This group of fields is applicable for IPSec Tunnels and L2TP with I...

Page 84: ...e IPCP negotiation phase If the PPP IP address is fixed by remote side specify the fixed IP address here Remote Network IP Remote Network Mask Add a static router to direct all traffic destined to this Remote Network IP Address Remote Network Mask through the VPN connection For IPSec this is the destination clients IDs of phase 2 quick mode More Add a static router to direct all traffic destined t...

Page 85: ...s User s Guide 79 Dial Click this button to execute dial out function Refresh Seconds Choose the time for refresh the dail information among 5 10 and 30 Refresh Click this button to refresh the whole connection status ...

Page 86: ...9 Any entity wants to utilize digital certificates should first request a certificate issued by a CA server It should also retrieve certificates of other trusted CA servers so it can authenticate the peer with certificates issued by those trusted CA servers Here you can manage generate and manage the local digital certificates and set trusted CA certificates Remember to adjust the time of Vigor ro...

Page 87: ...rtificate request After clicking Generate the generated information will be displayed on the window below 3 3 7 7 2 2 T Tr ru us st te ed d C CA A C Ce er rt ti if fi ic ca at te e Trusted CA certificate lists three sets of trusted CA certificate To import a pre saved trusted CA certificate please click IMPORT to open the following window Use Browse to find out the saved text file Then click Impor...

Page 88: ...he SIP protocol as this is an ideal and convenient deployment for the ITSP Internet Telephony Service Provider and softphone and is widely supported SIP is an end to end signaling protocol that establishes user presence and mobility in VoIP structure Every one who wants to talk using his her SIP Uniform Resource Identifier SIP Address The standard format of SIP URI is sip user password host port S...

Page 89: ...both register to the same SIP Registrar then it will be illustrated as below The major benefit of this mode is that you don t have to memorize your friend s IP address which might change very frequently if it s dynamic Instead of that you will only have to using dial plan or directly dial your friend s account name if you are with the same SIP Registrar Please refer to the Example 1 and 2 in the C...

Page 90: ...Map links on the page to access into next pages for dialplan settings P Ph ho on ne e B Bo oo ok k In this section you can set your VoIP contacts in the phonebook we called DialPlan help you to make calls quickly and easily by using speed dial Phone Number There are total 60 index entries in the DialPlan for you to store all your friends and family members SIP addresses Click any index number to d...

Page 91: ...ow who s calling without memorizing lots of SIP URL Address SIP URL Enter your friend s SIP Address D Di ig gi it t M Ma ap p For the convenience of user this page allows users to edit prefix number for the SIP account with adding number stripping number or replacing number It is used to help user having a quick and easy way to dial out through VoIP interface Enable Check this box to invoke this s...

Page 92: ...unction according to the chosen mode by using the prefix number Min Len Set the minimal length of the dial number for applying the prefix number settings Take the above picture Prefix Table Setup web page as an example if the dial number between 7 and 9 that number can apply the prefix number settings here Max Len Set the maximum length of the dail number for applying the prefix number settings In...

Page 93: ...r Account Name Display the account name of SIP address before Ring Port Specify which port will ring when receiving a phone call STUN Server Type in the IP address of the STUN server External IP Type in the gateway IP address SIP PING interval The default value is 150sec It is useful for a Nortel server NAT Traversal Support Status Show the status for the corresponding SIP account R means such acc...

Page 94: ...ession The default value is 5060 Your peer must set the same value in his her Registrar Domain Realm Set the domain name or IP address of the SIP Registrar server Proxy Set domain name or IP address of SIP proxy server By the time you can type port number after the domain name to specify that port as the destination of data transmission e g nat draytel org 5065 Act as Outbound Proxy Check this box...

Page 95: ... use connects to internet by other device you have to set this function for your necessity None Disable this function Stun Choose this option if there is Stun server provided for your router Manual Choose this option if you want to specify an external IP address as the NAT transversal support Nortel If the soft switch that you use supports nortel solution you can choose this option Ring Port Set V...

Page 96: ...IP lost for example sending data from the public IP of remote router to the private IP of local router you can check this box to solve this problem Dynamic RTP port start Specifies the start port for RTP stream The default value is 10050 Dynamic RTP port end Specifies the end port for RTP stream The default values is 15000 RTP TOS It decides the level of VoIP package Use the drop down list to choo...

Page 97: ... calls do not receive any response they will be forwarded to the SIP URL by the time out SIP URL Type in the SIP URL e g aaa draytel org or abc iptel org as the site for call forwarded Time Out Set the time out for the call forwarding The default setting is 30 sec DND Do Not Disturb mode Set a period of peace time without disturbing by VoIP phone call During the period the one who dial in will lis...

Page 98: ... would like to use G 711 Single Codec If the box is checked only the selected Codec will be applied Packet Size The amount of data contained in a single packet The default value is 20 ms which means the data packet will contain 20 ms voice information Voice Active Detector This function can detect if the voice on both sides is active or not If not the router will do something to save the bandwidth...

Page 99: ...e connection is not established busy tone CONNECTING Indicates that the user is calling out WAIT_ANS Indicates that a connection is launched and waiting for remote user s answer ALERTING Indicates that a call is coming ACTIVE Indicates that the VoIP connection is launched Codec Indicates the voice codec employed by present channel PeerID The present in call or out call peer ID the format may be IP...

Page 100: ...everywhere Wireless LAN enables high mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well as Internet access The Vigor wireless routers are equipped with a wireless LAN interface compliant with the standard IEEE 802 11g protocol To boost its performance further the Vigor Router is also loaded with advanced wireless technology Super G TM to lift up da...

Page 101: ...ominating security mechanism in industry is separated into two categories WPA personal or called WPA Pre Share Key WPA PSK and WPA Enterprise or called WPA 802 1x In WPA Personal a pre defined key is used for encryption during data transmission WPA applies Temporal Key Integrity Protocol TKIP for data encryption while WPA2 applies AES The WPA Enterprise combines not only encryption but also authen...

Page 102: ...et without hassle of the confidential information leakage For a more flexible deployment you may add a filter of MAC address to isolate single user s access from wired LAN Manage Wireless Stations Station List will display all the station in your wireless network and the status of their connection Below shows the menu items for Wireless LAN 3 3 9 9 2 2 G Ge en ne er ra al l S Se et tt ti in ng gs ...

Page 103: ...EEE802 11g 11b only The radio only supports IEEE802 11b Index 1 15 Set the wireless LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Call Schedule setup The default setting of this filed is blank and the function will always work SSID The default SSID is default We suggest you change it to a particular name It is the ide...

Page 104: ...r while site surveying Long Preamble This option is to define the length of the sync field in a 802 11 packet Most modern wireless network uses short preamble with 56 bit sync filed instead of long preamble with 128 bit sync field However some original 11b wireless network devices only support long preamble Check it to use Long Preamble if needed to communicate with this kind of devices 3 3 9 9 3 ...

Page 105: ...er Mixed or WPA2 only in the field below WPA 802 1x Only Accept WPA clients with 802 1x authentication Remember to select WPA type to define either Mixed or WPA2 only in the field below Since the key will be auto negotiated during authentication the field of key setting below will be not available for input WPA The WPA encrypts each frame transmitted from the radio using the key which either PSK e...

Page 106: ...ntrol their access rights Enable Access Control Select to enable the MAC Address access control feature Policy Select to enable any one of the following policy Choose Activate MAC address filter to type in the MAC addresses for other clients in the network manually Choose Isolate WLAN from LAN will separate all the WLAN stations from LAN based on the MAC Address list MAC Address Filter Display all...

Page 107: ...he MAC address list 3 3 9 9 5 5 S St ta at ti io on n L Li is st t Station List provides the knowledge of connecting wireless clients now along with its status code There is a code summary below for explanation For convenient Access Control you can select a WLAN station and click Add to Access Control below Refresh Click this button to refresh the status of station list Add Click this button to ad...

Page 108: ...interface information Also you could get the current running firmware version or firmware related information from this presentation Model Name Display the model name of the router Firmware Version Display the firmware version of the router Build Date Time Display the date and time of the current firmware build MAC Address Display the MAC address of the LAN Interface 1st IP Address Display the IP ...

Page 109: ...Firmware Version It indicates information about equipped WLAN miniPCi card This also helps to provide availability of some features that are bound with some WLAN miniPCi card 3 3 1 10 0 2 2 A Ad dm mi in ni is st tr ra at to or r P Pa as ss sw wo or rd d This page allows you to set new password Old Password Type in the old password The factory default setting for password is blank New Password Typ...

Page 110: ...Save As dialog the default filename is config cfg You could give it another name by yourself 4 Click Save button the configuration will download automatically to your computer as a file named config cfg The above example is using Windows platform for demonstrating examples The Mac or Linux platform will appear different windows but the backup function is still available ...

Page 111: ... procedure is successful 3 3 1 10 0 4 4 S Sy ys sl lo og g M Ma ai il l A Al le er rt t SysLog function is provided to help users to monitor router There is no bother to directly get into the Web Configurator of the router or borrow debug equipments Enable Click Enable to activate this function Syslog Server IP The IP address of the Syslog server Destination Port Assign a port for the Syslog proto...

Page 112: ...Install the Router Tools in the Utility within provided CD After installation click on the Router Tools Syslog from program menu 3 From the Syslog screen select the router you want to monitor Be reminded that in Network Information select the network adapter used to connect to the router Otherwise you won t succeed in retrieving information from the router ...

Page 113: ...o use the browser time from the remote administrator PC host as router s system time Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Protocol Select a time protocol Server IP Address Type the IP address of the time sever Time Zone Select the time zone where the router is located Automatically Update Interval Select a time interval ...

Page 114: ...ets from the Internet For security issue this function is enabled by default Access List You could specify that the system administrator can only login from a specific host or network defined in the list A maximum of three IPs subnet masks is allowed List IP Indicate an IP address allowed to login to the router Subnet Mask Represent a subnet mask allowed to login to the router Default Ports Check ...

Page 115: ...n and click OK To reset the router settings to default values check Using factory default configuration and click OK The router will take 5 seconds to reboot the system 3 3 1 10 0 8 8 F Fi ir rm mw wa ar re e U Up pg gr ra ad de e T TF FT TP P Before upgrading your router firmware you need to install the Router Tools The Firmware Upgrade Utility is included in the tools The following web page will...

Page 116: ... C Co on nn ne ec ct ti io on n Click Diagnostics and click WAN Connection to open the web page Refresh To obtain the latest information click here to reload the page Broadband Access Mode Status Display the broadband access mode and status If the broadband connection is active it will show Internet access mode is enabled If the connection is idle it will show WAN IP Address The WAN IP address for...

Page 117: ...ri ig gg ge er rr re ed d Click Diagnostics and click Dial out Trigger to open the web page Refresh Click it to reload the page 3 3 1 11 1 3 3 R Ro ou ut ti in ng g T Ta ab bl le e Click Diagnostics and click Routing Table to open the web page Refresh Click it to reload the page ...

Page 118: ...pping between an Ethernet hardware address MAC Address and an IP address Refresh Click it to reload the page Clear Click it to clear the whole table 3 3 1 11 1 5 5 D DH HC CP P T Ta ab bl le e The facility provides information on IP address assignments This information is helpful in diagnosing network problems such as IP address conflicts etc Click Diagnostics and click DHCP Table to open the web ...

Page 119: ...gor2800 Series User s Guide 113 3 3 1 11 1 6 6 N NA AT T S Se es ss si io on ns s T Ta ab bl le e Click Diagnostics and click NAT Sessions Table to open the setup page Refresh Click it to reload the page ...

Page 120: ... DS SL L S Sp pe ec ct tr ru um m A An na al ly ys si is s Click Diagnostics and click NAT Active Sessions Table to open the web page Below shows two example diagrams for different type of Vigor router sample 1 sample 2 Refresh Click it to reload the page ...

Page 121: ...ay want to connect to network securely such as the remote branch office and headquarter According to the network structure as shown in the below illustration you may follow the steps to create a LAN to LAN profile These two networks LANs should NOT have the same network address Settings in Router A in headquarter 1 Go to VPN and Remote Access and select Remote Access Control to enable the necessar...

Page 122: ... number to edit a profile 4 Set Common Settings as shown below You should enable both of VPN connections because any one of the parties may start the VPN connection 5 Set Dial Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial Out method If an IPSec based service is selected you should further specify the remote peer IP Address IKE Authentication Method ...

Page 123: ...pression for this Dial Out connection 6 Set Dial In settings to as shown below to allow Router B dial in to build VPN connection If an IPSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup above ...

Page 124: ...n for this Dial In connection 7 At last set the remote network IP subnet in TCP IP Network Settings so that Router A can direct the packets destined to the remote network to Router B via the VPN connection Settings in Router B in the remote office 1 Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK ...

Page 125: ...rties have known 3 Go to LAN to LAN Click on one index number to edit a profile 4 Set Common Settings as shown below You should enable both of VPN connections because any one of the parties may start the VPN connection 5 Set Dial Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial Out method If an IPSec based service is selected you should further specify...

Page 126: ...pression for this Dial Out connection 6 Set Dial In settings to as shown below to allow Router A dial in to build VPN connection If an IPSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup above ...

Page 127: ...urther specify the remote peer IP Address Username Password and VJ Compression for this Dial In connection 7 At last set the remote network IP subnet in TCP IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection ...

Page 128: ...e as shown in the below illustration you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host Settings in VPN Router in the enterprise office 1 Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK 2 Then for using PPP based services such as PPTP L2TP you have to set general settings in PPP Gene...

Page 129: ...tion If an IPSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup above If a PPP based service is selected you should further specify the remote peer IP Address Username Password and VJ Compression for this Dial In connectio...

Page 130: ... complimentary software to help you create PPTP L2TP and L2TP over IPSec tunnel You can find it in CD ROM in the package or go to www draytek com download center Install as instructed 2 After successful installation for the first time user you should click on the Step 0 Configure button Reboot the host 3 In Step 2 Connect to VPN Server click Insert button to add a new entry If an IPSec based servi...

Page 131: ...P based service is selected you should further specify the remote VPN server IP address Username Password and encryption method The User Name and Password should be consistent with the one set up in the VPN router To use default gateway on remote network means that all the packets of remote host will be directed to VPN server then forwarded to Internet This will make the remote host seem to be wor...

Page 132: ... Vigor router at home to connect to the server in the headquater office downtown via either HTTPS or VPN to check email and access internal database Meanwhile children may chat on VoIP or Skype in the restroom 1 Make sure the QoS Control on the left corner is checked And select BOTH in Direction 2 Enter the Class Name of Index 1 In this index she will set reserve bandwidth for Email using protocol...

Page 133: ...us UDP traffic of VoIP influent other application 7 If the worker has connected to the headquater using host to host VPN tunnel Please refer to Chapter 3 VPN for detail instruction he may set up an index for it Enter the Class Name of Index 3 In this index he will set reserve bandwidth for 1 VPN tunnel And click Advanced button on the right 8 Click edit to open a new window First check the ACT box...

Page 134: ...rresponding deployment are shown below The default Vigor router private IP address Subnet Mask is 192 168 1 1 255 255 255 0 The built in DHCP server is enabled so it assigns every local NATed host an IP address of 192 168 1 x starting from 192 168 1 10 You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage ...

Page 135: ...129 To use another DHCP server in the network rather than the built in one of Vigor Router you have to change the settings as show below You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage ...

Page 136: ...Vigor2800 Series User s Guide 130 ...

Page 137: ...org Proxy draytel org Act as outbound proxy unhecked Display Name John Account Number Name 1234 Authentication ID unchecked Password Expiry Time use default value CODEC RTP DTMF Use default value John calls David He picks up the phone and dials 1111 DialPlan Phone Number for David Settings for David DialPlan index 1 Phone Number 2222 Display Name John SIP URL 1234 draytel org SIP Accounts Settings...

Page 138: ...use default value CODEC RTP DTMF Use default value John calls David He picks up the phone and dials 1111 DialPlan Phone Number for David Or He picks up the phone and dials 4321 David s Account Name Settings for David DialPlan index 1 Phone Number 2222 Display Name John SIP URL 1234 draytel org SIP Accounts Settings Profile Name John Register via Auto SIP Port 5060 default Domain Realm draytel org ...

Page 139: ...ofile Name Paulin Register via None SIP Port 5060 default Domain Realm blank Proxy blank Act as outbound proxy unchecked Display Name Arnor Account Name 1234 Authentication ID unchecked Password blank Expiry Time use default value CODEC RTP DTMF Use default value Arnor calls Paulin He picks up the phone and dials 1111 DialPlan Phone Number for Arnor Settings for Paulin DialPlan index 1 Phone Numbe...

Page 140: ...ind out Utility menu and click it 3 On the webpage of Utility click Install Now under Syslog description to install the corresponding program 4 The file RTSxxx exe will be asked to copy onto your computer Remember the place of storing the execution file 5 Go to www draytek com to find out the newly update firmware for your router 6 Access into Support Center Downloads Find out the model name of th...

Page 141: ...n Programs and choose Router Tools XXX Firmware Upgrade Utility 12 Type in your router IP usually 192 168 1 1 13 Click the button to the right side of Firmware file typing box Locate the files that you download from the company web sites You will find out two files with different extension names xxxx all keep the old custom settings and xxxx rst reset all the custom settings to default settings Ch...

Page 142: ...uide 136 14 Click Send 15 Now the firmware update is finished 4 4 7 7 R Re eq qu ue es st t a a c ce er rt ti if fi ic ca at te e f fr ro om m a a C CA A s se er rv ve er r o on n W Wi in nd do ow ws s C CA A S Se er rv ve er r ...

Page 143: ...te Management and choose Local Certificate 2 You can click GENERATE button to start to edit a certificate request Enter the information in the certificate request 3 Copy and save the X509 Local Certificate Requet as a text file and save it for later use ...

Page 144: ...elect Request a Certificate Select Advanced request Select Submit a certificate request a base64 encoded PKCS 10 file or a renewal request using a base64 encoded PKCS 7 file Import the X509 Local Certificate Requet text file Select Router Offline request or IPSec Offline request below Then you have done the request and the server now issues you a certificate Select Base ...

Page 145: ...se the file to import the certificate cer file into Vigor router When finished click refresh and you will find the below window showing BEGINE CERTIFICATE 6 You may review the detail information of the certificate by clicking View button 4 4 8 8 R Re eq qu ue es st t a a C CA A C Ce er rt ti if fi ic ca at te e a an nd d S Se et t a as s T Tr ru us st te ed d o on n W Wi in nd do ow ws s C CA A S ...

Page 146: ...le to download click CA Certificate Current and Base 64 encoded and Download CA certificate to save the cer file 3 Back to Vigor router go to Trusted CA Certificate Click IMPORT button and browse the file to import the certificate cer file into Vigor router When finished click refresh and you will find the below illustration 4 You may review the detail information of the certificate by clicking Vi...

Page 147: ...Vigor2800 Series User s Guide 141 Note Before setting certificate configuration please go to System Maintenance Time and Date to reset current time of the router first ...

Page 148: ...Vigor2800 Series User s Guide 142 ...

Page 149: ...f t th he e H Ha ar rd dw wa ar re e S St ta at tu us s I Is s O OK K o or r N No ot t Follow the steps below to verify the hardware status 1 Check the power line and WLAN LAN cable connections Refer to 2 1 Hardware Installation for details 2 Turn on the router Make sure the ACT LED blink once per second and the correspondent LAN LED is bright 3 If not it means that there is something wrong with t...

Page 150: ...o the examples for other operation systems please refer to the similar steps or find support notes in www draytek com 1 Go to Control Panel and then double click on Network Connections 2 Right click on Local Area Connection and click on Properties 3 Select Internet Protocol TCP IP and then click Properties ...

Page 151: ...matically and Obtain DNS server address automatically F Fo or r M Ma ac cO Os s 1 Double click on the current used MacOs on the desktop 2 Open the Application folder and get into Network 3 On the Network screen select Using DHCP from the drop down list of Configure IPv4 ...

Page 152: ...e router correctly F Fo or r W Wi in nd do ow ws s 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP The DOS command dialog will appear 3 Type ping 192 168 1 1 and press Enter It the link is OK the line of Reply from 192 168 1 1 bytes 32 time 1ms TTL 25 will appear 4 If the line does not appear please check the IP address setting...

Page 153: ...Vigor2800 Series User s Guide 147 ...

Page 154: ...gs s a ar re e O OK K o or r N No ot t Click Internet Access group and then check whether the ISP settings are set correctly F Fo or r P PP PP Po oE E P PP PP Po oA A U Us se er rs s 1 Check if the Enable option is selected 2 Check if Username and Password are entered with correct values that you got from your ISP ...

Page 155: ... ct to or ry y D De ef fa au ul lt t S Se et tt ti in ng g I If f N Ne ec ce es ss sa ar ry y Sometimes a wrong connection can be improved by returning to the default settings Try to reset the router by software or hardware Warning After pressing factory default setting you will loose all settings you did before Make sure you have recorded all useful settings before you pressing The password of fa...

Page 156: ... Then the router will restart with the default configuration After restore the factory default setting you can configure the settings for the router again to fit your personal request 5 5 6 6 C Co on nt ta ac ct ti in ng g Y Yo ou ur r D De ea al le er r If the router still cannot work correctly after trying many efforts please contact your dealer for further help right away For any questions plea...

Page 157: ...Vigor2800 Series User s Guide 151 ...