Draytek VIGOR2820 series, User Manual

Page 1: ...Vigor2820 Series ADSL2 2 Security Firewall User s Guide Version 2 1 Date 2008 10 13...

Page 2: ...ons on conservation of the environment Warranty We warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from...

Page 3: ...st harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause h...

Page 4: ...c Settings 21 2 1 Changing Password 21 2 2 Quick Start Wizard 23 2 2 1 PPPoE PPPoA 24 2 2 2 1483 Bridged IP 26 2 2 3 1483 Routed IP 27 2 3 Online Status 28 2 4 Saving Configuration 31 3 AdvancedWebCon...

Page 5: ...1 Sessions Limit 109 3 7 2 Bandwidth Limit 111 3 7 3 Quality of Service 112 3 8 Applications 119 3 8 1 Dynamic DNS 119 3 8 2 Schedule 121 3 8 3 RADIUS 123 3 8 4 UPnP 124 3 8 5 IGMP 125 3 8 6 Wake on...

Page 6: ...de 216 3 15 Diagnostics 217 3 15 1 Dial out Trigger 217 3 15 2 Routing Table 218 3 15 3 ARP Cache Table 218 3 15 4 DHCP Table 219 3 15 5 NAT Sessions Table 219 3 15 6 Ping Diagnosis 220 3 15 7 Data Fl...

Page 7: ...5 2 Checking If the Network Connection Settings on Your Computer Is OK or Not 254 5 3 Pinging the Router from Your Computer 256 5 4 Checking If the ISP Settings are OK or Not 257 5 5 Problems for 3G...

Page 8: ......

Page 9: ...Vigor2820 S series models support two ISDN ports Phone S0 port is dedicated for ISDN phone and ISDN Phone S0 port is configurable for ISDN line and phone if required It can support multiple SIP regis...

Page 10: ...e WEB UI of this device ISDN TE Terminal Equipment means an interface for transmitting analog signal through Internet between Switching and router Such interface is also named with ISDN S0 extern in G...

Page 11: ...ranning On The router is ready to access Internet through WAN connection WAN2 Blinking It will blink while transmitting data On The DoS DDoS function is active DoS Blinking It will blink while deletin...

Page 12: ...see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration LAN 1 4 Connecters for local networked devices DSL Connecter f...

Page 13: ...s ready to access Internet through WAN connection WAN2 Blinking It will blink while transmitting data On The DoS DDoS function is active DoS Blinking It will blink while deleting an attack VPN On The...

Page 14: ...the default settings Usage Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then th...

Page 15: ...ith 100Mbps WAN 2 Right LED Green Off The port is disconnected with 10Mbps On A PSTN phone call comes in and out However when the phone call is disconnected the LED will be off about six seconds later...

Page 16: ...the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the fac...

Page 17: ...e connected to this port is off hook Off The phone connected to this port is on hook Phone Blinking A phone call comes QoS On The QoS function is active LED on Connector On ISDN NT ISDN S0 intern mode...

Page 18: ...eset Restore the default settings Usage Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the b...

Page 19: ...t is off hook Off The phone connected to this port is on hook Phone Blinking A phone call comes QoS On The QoS function is active LED on Connector On ISDN NT ISDN S0 intern mode is active and an ISDN...

Page 20: ...h WPS Press Wireless LAN ON OFF WPS button once to enable WLAN LED on or disable WLAN LED off wireless connection Factory Reset Restore the default settings Usage Turn on the router ACT LED is blinkin...

Page 21: ...ble RJ 45 2 Connect one end of an Ethernet cable RJ 45 to one of the LAN ports of the router and the other end of the cable RJ 45 into the Ethernet port on your computer 3 Connect the telephone sets w...

Page 22: ...S0 is always fixed to connect ISDN phone However ISDN Phone S0 is configurable as NT or TE mode When the user configures ISDN Phone S0 as NT mode in VoIP Phone Settings the orange LED will light on t...

Page 23: ...nnected this router can print documents via the router The example provided here is made based on Windows XP 2000 For Windows 98 SE please visit www draytek com Before using it please follow the steps...

Page 24: ...a New Computer A welcome dialog will appear Please click Next 4 Click Local printer attached to this computer and click Next 5 In this dialog choose Create a new port Type of port and use the drop dow...

Page 25: ...following dialog type 192 168 1 1 router s LAN IP in the field of Printer Name or IP Address and type IP_192 168 1 1 as the port name Then click Next 7 Click Standard and choose Generic Network Card 8...

Page 26: ...rrect driver loaded onto your PC When you finish the selection click Next 10 For the final stage you need to go back to Control Panel Printers and edit the property of the new printer you have added 1...

Page 27: ...other additional functions are not supported If you do not know whether your printer is supported or not please visit www draytek com to find out the printer list Open Support Center FAQ find out the...

Page 28: ...Vigor2820 Series User s Guide 20 This page is left blank...

Page 29: ...assword for this device you have to access into the web browse with default password first 1 Make sure your computer connects to the router correctly Notice You may either simply set up your computer...

Page 30: ...have 4 Go to System Maintenance page and choose Administrator Password 5 Enter the login password the default is blank on the field of Old Password Type New Password Then click OK to continue 6 Now t...

Page 31: ...please click Next On the next page as shown below please select the WAN interface WAN 1 or WAN2 that you use If DSL interface is used please choose WAN1 if WAN2 interface is used please choose WAN2 C...

Page 32: ...Point to Point Protocol over Ethernet It relies on two widely accepted standards PPP and Ethernet It connects users through an Ethernet to the Internet with a common broadband medium such as a single...

Page 33: ...will be shown User Name Assign a specific valid user name provided by the ISP Password Assign a valid password provided by the ISP Confirm Password Retype the password Click Next for viewing summary o...

Page 34: ...I IP P Click 1483 Bridged IP as the protocol Type in all the information that your ISP provides for this protocol Click Next for viewing summary of such connection Click Finish A page of Quick Start W...

Page 35: ...3 Routed IP as the protocol Type in all the information that your ISP provides for this protocol After finishing the settings in this page click Next to see the following page Click Finish A page of Q...

Page 36: ...s shows the system status WAN status ADSL Information and other status related to this router within one page If you select PPPoE PPPoA as the protocol you will find out a link of Dial PPPoE or Drop P...

Page 37: ...Vigor2820 Series User s Guide 29 Online status for Static IP for WAN1 Online status for DHCP WAN1...

Page 38: ...in WAN1 WAN web page Mode Displays the type of WAN connection e g PPPoE Up Time Displays the total uptime of the interface IP Displays the IP address of the WAN interface GW IP Displays the IP address...

Page 39: ...N connection of that interface WAN1 WAN2 is ready for accessing Internet the words in red mean that the WAN connection of that interface WAN1 WAN2 is not ready for accessing Internet 2 2 4 4 S Sa av v...

Page 40: ...Vigor2820 Series User s Guide 32 This page is left blank...

Page 41: ...55 255 From 192 168 0 0 to 192 168 255 255 W Wh ha at t a ar re e P Pu ub bl li ic c I IP P A Ad dd dr re es ss s a an nd d P Pr ri iv va at te e I IP P A Ad dd dr re es ss s As the router plays a rol...

Page 42: ...Load Balance can be done in the router Besides 3G USB Modem in WAN2 also can be used as backup device Therefore when WAN1 is not available the router will use 3 5G for supporting automatically The sup...

Page 43: ...DSL port yet the physical connection for WAN2 is done through an Ethernet port P1 or USB port You cannot change it To use 3G network connection through 3G USB Modem choose 3G USB Modem as the physical...

Page 44: ...ge of WAN Internet Access In addition there are three selections for you to choose for different purposes WAN2 Fail It means the connection for WAN1 will be activated when WAN2 is failed WAN2 Upload s...

Page 45: ...o the Internet when WAN 1 is inactive for some reason Display Name It shows the name of the WAN1 WAN2 that entered in general setup Physical Mode It shows the physical port for WAN1 WAN2 Config Inform...

Page 46: ...ur ISP Multi PVC channel The selections displayed here are determined by the page of Internet Access Multi PVCs Select M PVCs Channel means no selection will be chosen VPI Type in the value provided b...

Page 47: ...h function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection Ping IP I...

Page 48: ...or the router Specify a MAC Address Type the MAC address for the router manually Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set p...

Page 49: ...M PVCs Channel means no selection will be chosen Encapsulating Type Drop down the list to choose the type provided by ISP VPI Type in the value provided by ISP VCI Type in the value provided by ISP M...

Page 50: ...routers exchange routing tables information Click Enable RIP for activating this function Bridge Mode If you choose Bridged IP as the protocol you can check this box to invoke the function The router...

Page 51: ...AC Address or specify another MAC address for your necessity MAC Address Type in the MAC address for the router manually DNS Server IP Address Type in the primary IP address for the router If necessar...

Page 52: ...e and you can use the number that you have set in that web page ISDN Dial Backup Setup This setting is available for the routers supporting ISDN function only Before utilizing the ISDN dial backup fea...

Page 53: ...you want to use this function WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses...

Page 54: ...ble this function will be closed and all the settings that you adjusted in this page will be invalid ISDN Dial Backup Setup This setting is available for the routers supporting ISDN function only Befo...

Page 55: ...etwork Settings This group allows you to obtain an IP address automatically and allows you type in IP address manually WAN IP Alias If you have multiple public IP addresses and would like to utilize t...

Page 56: ...or activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid PPTP Server Specify the IP address of the PPTP server...

Page 57: ...In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function WAN IP Alias If you have multiple public IP addresses and would like to...

Page 58: ...ction of identification Modem Dial String Such value is used to dial through USB mode Please use the default value If you have any question please contact to your ISP PPP Username Type the PPP usernam...

Page 59: ...able eight channels in this page yet only one channel can be chosen on the web page of Internet Access VPI Type in the value provided by your ISP VCI Type in the value provided by your ISP QoS Type Se...

Page 60: ...ngs must be applied and obtained from your ISP For your special request please contact with your ISP and then click WAN link of Channel 3 4 or 5 to configure your router A AT TM M Q Qo oS S Such confi...

Page 61: ...rst PVC As to set the second PVC line please click the Port based Bridge tab to open Bridge configuration page Enable Check this box to enable that channel Only channel 3 to 8 can be set in this page...

Page 62: ...li ic cy y This router supports the function of load balancing It can assign traffic with protocol type IP address for specific host a subnet of hosts and port range to be allocated in WAN1 or WAN2 i...

Page 63: ...splays the IP address for the end of the destination port Move UP Move Down Use Up or Down link to move the order of the policy Click Index 1 to access into the following page for configuring load bal...

Page 64: ...fied WAN interface If this field is blank it means that all the destination IPs will be passed through the WAN interface Dest Port Start Type the destination port start for the destination IP Dest Por...

Page 65: ...does is to translate the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assign...

Page 66: ...W Wh ha at t i is s S St ta at ti ic c R Ro ou ut te e When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than oth...

Page 67: ...lt 192 168 1 1 1st Subnet Mask Type in an address code that determines the size of the network Default 255 255 255 0 24 For IP Routing Usage Click Enable to invoke this function The default setting is...

Page 68: ...net with neighboring routers DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatc...

Page 69: ...IP address 194 109 6 66 to this field Secondary IPAddress You can specify secondary DNS server IP address here because your ISP often provides you more than one DNS Server If your ISP does not provid...

Page 70: ...that user A and B locating in different subnet can talk to each other via the router Assuming the Internet access has been configured and the router works properly z use the Main Router to surf the I...

Page 71: ...nd continuously exchange of IP routing information with different subnets 2 Click the LAN Static Route and click on the Index Number 1 Check the Enable box Please add a static route as shown below whi...

Page 72: ...and select VLAN The following page will appear Click Enable to invoke VLAN function To add or remove a VLAN please refer to the following example 1 If VLAN 0 is consisted of hosts linked to P1 and P2...

Page 73: ...disable this function All the settings on this page will be invalid Strict Bind Click this radio button to block the connection of the IP MAC which is not listed in IP Bind List ARP Table This table i...

Page 74: ...d to the router s public IP address and the router will do the inversion based on its table Therefore the internal host can communicate with external host smoothly The benefit of the NAT includes z Sa...

Page 75: ...address port of the server The port redirection can only apply to incoming traffic To use this function please go to NAT page and choose Port Redirection web page The Port Redirection Table provides...

Page 76: ...nge as the port redirection mode you will see two boxes on this field Simply type the required number on the first box The second one will be assigned automatically later Private IP Specify the privat...

Page 77: ...rts to the specific private IP address port of host in the LAN However other IP protocols for example Protocols 50 ESP and 51 AH do not travel on a fixed port Vigor router provides a facility DMZ Host...

Page 78: ...AN Alias for PPPoE PPPoA or MPoA mode you will find them in Aux WAN IP for your selection Enable Check to enable the DMZ Host function Private IP Enter the private IP address of the DMZ host or click...

Page 79: ...Vigor2820 Series User s Guide 71 When you have selected one private IP from the above dialog the IP address will be shown on the following screen Click OK to save the setting...

Page 80: ...relative number for the particular entry that you want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name...

Page 81: ...click Choose PC to select one Choose PC Click this button and subsequently a window having a list of private IP addresses of local hosts will automatically pop up Select the appropriate IP address of...

Page 82: ...on SPI tracks packets and denies unsolicited incoming data z Selectable Denial of Service DoS Distributed DoS DDoS attacks protection I IP P F Fi il lt te er rs s Depending on whether there is an exis...

Page 83: ...m s resource while the vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the protocol or operation system The DoS Defense function enables the Vigor router to i...

Page 84: ...ilter Select one of the IM P2P Filter Profile settings created in CSM IM P2P Filter for applying with this router Please set at least one profile for choosing in CSM IM P2P Filter Profile web page fir...

Page 85: ...to use the default settings here Codepage This function is used to compare the characters among different languages Choose correct codepage can help the system obtaining correct ASCII after decoding d...

Page 86: ...ming Fragmented UDP Packets 3 3 4 4 3 3 F Fi il lt te er r S Se et tu up p Click Firewall and click Filter Setup to open the setup page To edit or add a filter click on the set number to edit the indi...

Page 87: ...at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Schedule setup The default setting of this filed is blank and the function will alway...

Page 88: ...ed groups or objects please choose Group and Objects as the Address Type From the IP Group drop down list choose the one that you want to apply Or use the IP Object drop down list to choose the object...

Page 89: ...ion to be taken when packets match the rule Block Immediately Packets matching the rule will be dropped immediately Pass Immediately Packets matching the rule will be passed immediately Block If No Fu...

Page 90: ...can specify the filter log and or CSM log here Check the corresponding box to enable the log function Then the filter log and or CSM log will be shown on Draytek Syslog window Advance Setting Click E...

Page 91: ...he performance will be However if the network is not stable small value will be proper Session timeout Setting timeout for sessions can make the best utilization of network resources However Queue tim...

Page 92: ...two IP filters call filter or data filter You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner Each filter set is composed by 7 filter rules which can...

Page 93: ...o 50 packets per second and 10 seconds respectively Enable UDP flood defense Check the box to activate the UDP flood defense function Once detecting the Threshold of the UDP packets from the Internet...

Page 94: ...d more fragment bit set Block Fraggle Attack Check the box to activate the Block fraggle Attack function Any broadcast UDP packets received from the Internet is blocked Activating the DoS DDoS defense...

Page 95: ...Client All the warning messages related to DoS Defense will be sent to user and user can review it through Syslog daemon Look for the keyword DoS in the message followed by a name to indicate what ki...

Page 96: ...Ob bj je ec ct t You can set up to 192 sets of IP Objects with different conditions Set to Factory Default Clear all profiles Click the number under Index column for settings in detail Name Type a na...

Page 97: ...he IP address Select Single Address if this object contains one IP address only Select Range Address if this object contains several IPs within a range Select Subnet Address if this object contains on...

Page 98: ...Index column for settings in detail Name Type a name for this profile Maximum 15 characters are allowed Interface Choose WAN LAN or Any to display all the available IP objects with the specified inter...

Page 99: ...Factory Default Clear all profiles Click the number under Index column for settings in detail Name Type a name for this profile Protocol Specify the protocol s which this profile will apply to Source...

Page 100: ...last values are different it indicates that all the ports except the range defined here are available for this service type the port number greater than this value is available the port number less th...

Page 101: ...Object will be shown in this box Selected Service Type Objects Click button to add the selected IP objects in this box 3 3 5 5 5 5 K Ke ey yw wo or rd d O Ob bj je ec ct t You can set 200 keyword obj...

Page 102: ...ation will be watched out and be passed blocked based on the configuration on Firewall settings 3 3 5 5 6 6 K Ke ey yw wo or rd d G Gr ro ou up p This page allows you to bind several keyword objects i...

Page 103: ...7 7 F Fi il le e E Ex xt te en ns si io on n O Ob bj je ec ct t This page allows you to set eight profiles which will be applied in CSM URL Content Filter All the files with the extension names speci...

Page 104: ...Series User s Guide 96 Profile Name Type a name for this profile Type a name for such profile and check all the items of file extension that will be processed in the router Finally click OK to save th...

Page 105: ...actory Default Clear all profiles Click the number under Profile column for configuration in details There are several types of Instant Messenger IM provided here for you to choose to disallow people...

Page 106: ...or2820 Series User s Guide 98 Profile Name Type a name for this profile Type a name for such profile and check all the items that not allowed to be used in the host Finally click OK to save this profi...

Page 107: ...Set to Factory Default Clear all profiles Click the number under Profile column for configuration in details There are several items for P2P protocols provided here for you to choose to disallow peopl...

Page 108: ...applications These profiles will be applied in CSM IM P2P Filter Profile for filtering Set to Factory Default Clear all profiles Click the number under Profile column for configuration in details App...

Page 109: ...e misusage during office hour or prevent unknown security leak It is similar situation for corporation towards peer to peer applications since file sharing can be convenient but insecure at the same t...

Page 110: ...ve web feature If malicious code hides inside it may occupy user s system W We eb b C Co on nt te en nt t F Fi il lt te er r We all know that the content on the Internet just like other types of media...

Page 111: ...e inappropriate web sites but also prohibit other web feature where malicious code may conceal Once a user type in or click on an URL with objectionable keywords URL keyword blocking facility will dec...

Page 112: ...tive web feature If malicious code hides inside it may occupy user s system For example if you add key words such as sex Vigor router will limit web access to web sites or web pages such as www sex co...

Page 113: ...mine the priority for the actions executed For this one the router will process the packages with the conditions set below for web feature first then URL second Log None There is no log file will be r...

Page 114: ...long After specifying keywords the Vigor router will decline the connection request to the website whose URL string matched to any user defined keyword It should be noticed that the more simplified th...

Page 115: ...you should protect those in your trust against the hazards With Web filtering service of the Vigor router you can protect your business from common primary threats such as productivity legal liability...

Page 116: ...er Simply click the index number under Profile to open the following web page Action Pass allow accessing into the corresponding webpage with the categories listed on the box below Block restrict acce...

Page 117: ...an nd dw wi id dt th h M Ma an na ag ge em me en nt t Below shows the menu items for Bandwidth Management 3 3 7 7 1 1 S Se es ss si io on ns s L Li im mi it t A PC with private IP address can access...

Page 118: ...he end IP address for limit session Maximum Sessions Defines the available session number for each host in the specific range of IP addresses If you do not set the session number in this field the sys...

Page 119: ...t bandwidth Default TX limit Define the default speed of the upstream for each computer in LAN Default RX limit Define the default speed of the downstream for each computer in LAN Limitation List Disp...

Page 120: ...or crucial applications and marking them for high priority service level enforcement throughout the network z Scheduling Based on classification of service level to assign packets to queues and associ...

Page 121: ...Setup link to access into next page for the general setup of WAN 1 2 interface As to class rule simply click the Edit link to access into next for configuration You can configure general setup for the...

Page 122: ...his box The default value is 10000kbps Reserved Bandwidth Ratio It is reserved for the group index in the form of ratio of reserved bandwidth to upstream speed and reserved bandwidth to downstream spe...

Page 123: ...Qo oS S The first three Class 1 to Class 3 class rules can be adjusted for your necessity To add edit or delete the class rule please click the Edit link of that one After you click the Edit link you...

Page 124: ...net Address you have to fill in Start IP address and Subnet Mask DiffServ CodePoint All the packets of data will be divided with different levels and will be processed according to the level type by t...

Page 125: ...e S Se er rv vi ic ce e T Ty yp pe e f fo or r C Cl la as ss s R Ru ul le e To add a new service type edit or delete an existed service type please click the Edit link under Service Type field After y...

Page 126: ...tion Click Single or Range as the Type If you select Range you have to type in the starting port number and the end porting number on the boxes below Port Number Type in the starting port number and t...

Page 127: ...ind the router Before you use the Dynamic DNS feature you have to apply for free DDNS service to the DDNS service providers The router provides up to three accounts from three different DDNS service p...

Page 128: ...count If you did check the box you will see a check mark appeared on the Active column of the previous web page in step 2 WAN Interface Select the WAN interface order to apply settings here Service Pr...

Page 129: ...is also applicable to other functions You have to set your time before set schedule In System Maintenance Time and Date menu press Inquire Time button to set the Vigor router s clock to current time...

Page 130: ...d in Idle Timeout field Disable Dial On Demand Specify the connection to be up when it has traffic on the line Once there is no traffic over idle timeout the connection will be down and never up again...

Page 131: ...d by Internet service providers It is the most common method of authenticating and authorizing dial up and tunneled network users The built in RADIUS client feature enables the router to assist the re...

Page 132: ...essenger to allow full use of the voice video and messaging features Enable UPNP Service Accordingly you can enable either the Connection Control Service or Connection Status Service After setting Ena...

Page 133: ...ve found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches Non privileged users can control some router functions including removing and a...

Page 134: ...us If you check Enable IGMP Proxy you will get the following page All the multicast groups will be listed and all the LAN ports P1 to P4 are available for use 3 3 8 8 6 6 W Wa ak ke e o on n L LA AN N...

Page 135: ...t have been configured in Firewall Bind IP to MAC will be shown in this drop down list Choose the IP address from the drop down list that you want to wake up MAC Address Type any one of the MAC addres...

Page 136: ...his feature can be applied for ISDN remote dial in or ISDN LAN to LAN connection in n series models 3 3 9 9 1 1 R Re em mo ot te e A Ac cc ce es ss s C Co on nt tr ro ol l Enable the necessary VPN ser...

Page 137: ...thm In addition the remote dial in user will use 40 bit to perform encryption prior to using 128 bit for encryption In other words if 128 bit MPPE encryption method is not available then 40 bit encryp...

Page 138: ...nel The Transport mode will add the AH ESP payload and use original IP header to encapsulate the data payload only It can just apply to local packet e g L2TP over IPSec The Tunnel mode will not only a...

Page 139: ...use digital certificate for peer authentication in either LAN to LAN connection or Remote User Dial In connection here you may edit a table of peer certificate for selection As shown below the router...

Page 140: ...to accept the peer with matching value The field can be IP Address Domain or E mail Address The box under the Type will appear according to the type you select and ask you to fill in corresponding se...

Page 141: ...rver through the built in RADIUS client function The following figure shows the summary table Set to Factory Default Click to clear all indexes Index Click the number below Index to access into the se...

Page 142: ...nnel Allow the remote dial in user to make an IPSec VPN connection through Internet L2TP Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alo...

Page 143: ...e Check the Medium DES 3DES or AES box as the security method Medium Authentication Header AH means data will be authenticated but not be encrypted By default this option is invoked You can uncheck it...

Page 144: ...neously The following figure shows the summary table Set to Factory Default Click to clear all indexes Name Indicate the name of the LAN to LAN profile The symbol represents that the profile is empty...

Page 145: ...n there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel VPN Connection Through Use...

Page 146: ...help to provide the state of a VPN connection for router s judgment of redial Normally if any one of VPN peers wants to disconnect the connection it should follow a serial of packet exchange procedur...

Page 147: ...ey Digital Signature X 509 Select one predefined Profiles set in the VPN and Remote Access IPSec Peer Identity IPSec Security Method This group of fields is a must for IPSec Tunnels and L2TP with IPSe...

Page 148: ...fetime of key should be defined The default value is 28800 seconds You may specify a value in between 900 and 86400 seconds IKE phase 2 key lifetime For security reason the lifetime of key should be d...

Page 149: ...e a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below IPSec Tunnel Allow the remote dial in user to trigger an IPSec VPN connection throug...

Page 150: ...ion is Digital Signature X 509 can be set when you select IPSec tunnel either with or without specify the IP address of the remote node Pre Shared Key Check the box of Pre Shared Key to invoke this fu...

Page 151: ...e Do not change the default value if you do not select ISDN PPTP or L2TP Remote Network IP Remote Network Mask Add a static route to direct all traffic destined to this Remote Network IP Address Remot...

Page 152: ...nections You may disconnect any VPN connection by clicking Drop button You may also aggressively Dial out by using Dial out Tool and clicking Dial button Dial Click this button to execute dial out fun...

Page 153: ...Any entity wants to utilize digital certificates should first request a certificate issued by a CA server It should also retrieve certificates of other trusted CA servers so it can authenticate the p...

Page 154: ...Import Click this button to import a saved file as the certification information Refresh Click this button to refresh the information listed below View Click this button to view the detailed settings...

Page 155: ...ick IMPORT to open the following window Use Browse to find out the saved text file Then click Import The one you imported will be listed on the Trusted CA Certificate window Then click Import to use t...

Page 156: ...d mobility in VoIP structure Every one who wants to talk using his her SIP Uniform Resource Identifier SIP Address The standard format of SIP URI is sip user password host port Some fields may be opti...

Page 157: ...u have to know your friend s IP Address The Vigor VoIP Routers will build connection between each other Please refer to the section 4 5 2 Our Vigor V models firstly apply efficient codecs designed to...

Page 158: ...ke calls quickly and easily by using speed dial Phone Number There are total 60 index entries in the phonebook for you to store all your friends and family members SIP addresses Loop through and Backu...

Page 159: ...lable for 2820VSn 2820Vn model Enable Click this to enable this entry Phone Number The speed dial number of this index This can be any number you choose using digits 0 9 and Display Name The Caller ID...

Page 160: ...he loop through direction chosen Note that during the phone switch the blare of phone will appear for a short time And when the VoIP phone is switched into the PSTN phone the telecom co might charge y...

Page 161: ...be deleted by the prefix number for calling out through the specific VoIP interface Take the above picture Prefix Table Setup web page as an example the OP number of 886 will be deleted completely fo...

Page 162: ...web page as an example if the dial number is between 7 and 9 that number can apply the prefix number settings here Max Len Set the maximum length of the dial number for applying the prefix number set...

Page 163: ...th such mechanism ISDN means ISDN call will be blocked with such mechanism Index 1 15 in Schedule Enter the index of schedule profiles to control the call barring according to the preconfigured schedu...

Page 164: ...gured schedules For Block IP Address this function can block incoming calls through Phone port coming from IP address Such control also can be done based on preconfigured schedules R Re eg gi io on na...

Page 165: ...cified place Call Forward Deact Dial the number typed in this field to release the call forward function Call Forward Busy Act Dial the number typed in this field to forward all the incoming calls to...

Page 166: ...the number typed in this field to release this function Block Last Calls Act Dial the number typed in this field to block the last incoming phone call P PS ST TN N S Se et tu up p Some emergency phon...

Page 167: ...ter with Registrar using AuthorizationUser Domain Realm After that your call will be bypassed by SIP Proxy to the destination using AccountName Domain Realm as identity Index Click this link to access...

Page 168: ...ing with MSN numbers STUN Server Type in the IP address or domain of the STUN server External IP Type in the gateway IP address SIP PING interval The default value is 150 sec It is useful for a Nortel...

Page 169: ...d enter the name or number used for SIP Authorization with SIP Registrar If this setting value is the same as Account Name it is not necessary for you to check the box and set any value in this field...

Page 170: ...ISDN S0 can be used by mapping with MSN numbers Ring Pattern Choose a ring tone type for the VoIP phone call 3 3 1 11 1 3 3 P Ph ho on ne e S Se et tt ti in ng gs s This page allows user to set phone...

Page 171: ...his router in certain case Please refer to Section 4 1 for detailed information of ISDN phone network connection If you want to enable function of ISDN On Net Off Net you have to choose ISDN2 TE Call...

Page 172: ...router not misleading due to IP lost for example sending data from the public IP of remote router to the private IP of local router you can check this box to solve this problem Dynamic RTP Port Start...

Page 173: ...P URL only when the local system is busy No Answer means if the incoming calls do not receive any response they will be forwarded to the SIP URL by the time out SIP URL Type in the SIP URL e g aaa dra...

Page 174: ...each session and so may not be your default choice The default codec is G 729A B it occupies little bandwidth while maintaining good voice quality If your upstream speed is only 64Kbps do not use G 71...

Page 175: ...ume gain MISC and DTMF mode Advanced setting is provided for fitting the telecommunication custom for the local area of the router installed Wrong tone settings might cause inconvenience for users To...

Page 176: ...use the default setting DTMF DTMF Mode There are four DTMF modes for you to choose InBand Choose this one then the Vigor will send the DTMF tone as audio directly when you press the keypad on the phon...

Page 177: ...n the limited time that you set in this field if there is no response the connecting call will be closed automatically Call Forwarding There are four options for you to choose Disable is to close call...

Page 178: ...to pick up the waiting phone call Call Transfer Check this box to invoke this function Click hook flash to initiate another phone call When the phone call connection succeeds hang up the phone The ot...

Page 179: ...he character in this field for transferring The character that you can type can be and 0 9 To VoIP for ISDN The router is set by using VoIP call To change VoIP call into ISDN call please dial the char...

Page 180: ...l tone Ringing tone Busy tone and Congestion tone will be shown automatically on the page If you cannot find out a suitable one please choose User Defined and fill out the corresponding values for dia...

Page 181: ...eypad on the phone OutBand Choose this one then the Vigor will capture the keypad number you pressed and transform it to digital form then send to the other side the receiver will generate the tone ac...

Page 182: ...m mo od de el l o on nl ly y Vigor2820VSn allows users to switch the function of ISDN2 port between TE or S0 mode Please use the drop down list to choose the one you want If you choose ISDN2 S0 please...

Page 183: ...P URL only when the local system is busy No answer means if the incoming calls do not receive any response they will be forwarded to the SIP URL by the time out SIP URL Type in the SIP URL e g aaa dra...

Page 184: ...s the data packet will contain 20 ms voice information Voice Active Detector This function can detect if the voice on both sides is active or not If not the router will do something to save the bandwi...

Page 185: ...a proper region to let the system find out the preset tone settings and caller ID type automatically Or you can adjust tone settings manually if you choose User Defined TOn1 TOff1 TOn2 and TOff2 mean...

Page 186: ...to eight with digits from zero to nine Check for VoIP to ISDN Calls Set a pin code for the router to authenticate which one is allowed to dial VoIP to ISDN call The figure that you can type in this f...

Page 187: ...atus for each port Refresh Seconds Specify the interval of refresh time to obtain the latest VoIP calling information The information will update immediately when the Refresh button is clicked Port It...

Page 188: ...tion session Rx Losts Total number of lost packets during this connection session Rx Jitter The jitter of received voice packets In Calls Accumulation for the times of in call Out Calls Accumulation f...

Page 189: ...uch number you have offer your request from ISDN service provider first Every outgoing call will carry the number to the receiver Blocked MSN Numbers for the router Enter the specified MSN number into...

Page 190: ...hoose Any as ISDN S0 port when the router receives the incoming phone call with certain number for reaching ISDN S0 all the phone sets connected to ISDN S0 will ring at the same time Phone CLIR CLIP C...

Page 191: ...lls you by dialing 5972722 the router will make no phone ringing for the number is not specified in such page If you use Phone to dial an outgoing call remote user will see the telephone number 597272...

Page 192: ...ISDN B channel for Internet access Dialup 128Kbps allows you to use both ISDN B channels for Internet access Dialup BOD for detailed information of configuration please refer to section 3 12 4 stands...

Page 193: ...ocol during the PPP negotiation PPP MP Setup Link Type There are three link types provided here for different purpose Link Disable disables the ISDN dial out function Dialup 128Kbps allows you to use...

Page 194: ...ISP Setup ISP Name Enter the secondary ISP name Dial Number Enter the ISDN access number provided by the ISP Username Enter the username provided by your ISP Password Enter the password provided by yo...

Page 195: ...r only for the ISDN models be remotely activated or be able to dial up to the ISP via the ISDN interface Vigor routers provide this feature by allowing user to make a phone call to the router and then...

Page 196: ...broadband connection users can make a regular phone call the number is set in the Remote Activation field to the router as signaling it for activation The phone call will be soon disconnected once the...

Page 197: ...rket for wireless communications has enjoyed tremendous growth Wireless technology now reaches or is capable of reaching virtually every location on the surface of the earth Hundreds of millions of pe...

Page 198: ...a encryption while WPA2 applies AES The WPA Enterprise combines not only encryption but also authentication Since WEP has been proved vulnerable you may consider using WPA for the most secure connecti...

Page 199: ...a al l S Se et tu up p By clicking the General Settings a new web page will appear so that you could configure the SSID and the wireless channel Please refer to the following figure for more informati...

Page 200: ...or just cannot see any thing about Vigor wireless router while site surveying The system allows you to set four sets of SSID for different usage In default the first set of SSID will be enabled You ca...

Page 201: ...about 40 for 11g 5 for 11n by checking Tx Burst It is active only when both sides of Access Point and Station in wireless client invoke this function at the same time That is the wireless client must...

Page 202: ...he Security Settings a new web page will appear so that you could configure the settings of WEP and WPA Mode There are several modes provided for you to choose Disable Turn off the encryption mechanis...

Page 203: ...s leading by 0x such as 0x321253abcde Type Select from Mixed WPA WPA2 or WPA2 only Pre Shared Key PSK Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by 0x such as 0x32...

Page 204: ...s of wireless client Attribute s Isolate the station from LAN select to isolate the wireless connection of the wireless client of the MAC address from LAN Add Add a new MAC address into the list Delet...

Page 205: ...r client and router automatically There are two methods to do network connection through WPS between AP and Stations pressing the Start PBC button or using PIN Code z On the side of Vigor 2820 series...

Page 206: ...e Display current authentication mode of the router Only WPA2 PSK and WPA PSK support WPS Configure via Push Button Click Start PBC to invoke Push Button style WPS setup procedure The router will wait...

Page 207: ...two WDS modes are implemented in Vigor router One is Bridge the other is Repeater Below shows the function of WDS bridge interface The application for the WDS Repeater mode is depicted as below The m...

Page 208: ...ks However hosts connected to Bridge 1 CANNOT communicate with hosts connected to Bridge 3 through Bridge 2 Click WDS from Wireless LAN menu The following page will be shown Mode Choose the mode for W...

Page 209: ...r peer MAC addresses are allowed to be entered in this page at one time Similarly if you want to invoke the peer MAC address remember to check Enable box in the front of the MAC address after typing A...

Page 210: ...ble 3 3 1 13 3 8 8 W WM MM M C Co on nf fi ig gu ur ra at ti io on n WMM is an abbreviation of Wi Fi Multimedia It defines the priority levels for four access categories derived from 802 1d prioritiza...

Page 211: ...ontrol Mandatory It can restrict stations from using specific category class if it is checked Note Vigor2820 provides standard WMM configuration in the web page If you want to modify the parameters pl...

Page 212: ...om of the page or choose the AP MAC address from the Scan result field and click Bridge or Repeater Next click Add to Later the MAC address of the AP will be added to Bridge or Repeater field of WDS s...

Page 213: ...Vigor2820 Series User s Guide 205 Refresh Click this button to refresh the status of station list Add Click this button to add current selected MAC address into Access Control...

Page 214: ...Maintenance 3 3 1 14 4 1 1 S Sy ys st te em m S St ta at tu us s The System Status provides basic network settings of Vigor router It includes LAN and WAN interface information Also you could get the...

Page 215: ...of the WAN interface Default Gateway Display the assigned IP address of the default gateway Wireless LAN MAC Address Display the MAC address of the wireless LAN Frequency Domain It can be Europe 13 u...

Page 216: ...ype them Such information is useful for Auto Configuration Server Enable Disable Sometimes port conflict might be occurred To solve such problem you might want to change port number for CPE Please cli...

Page 217: ...ain 3 3 1 14 4 4 4 C Co on nf fi ig gu ur ra at ti io on n B Ba ac ck ku up p B Ba ac ck ku up p t th he e C Co on nf fi ig gu ur ra at ti io on n Follow the steps below to backup your configuration 1...

Page 218: ...a file named config cfg The above example is using Windows platform for demonstrating examples The Mac or Linux platform will appear different windows but the backup function is still available Note B...

Page 219: ...1 14 4 5 5 S Sy ys sl lo og g M Ma ai il l A Al le er rt t SysLog function is provided for users to monitor router There is no bother to directly get into the Web Configurator of the router or borrow...

Page 220: ...this box to activate this function while using e mail application User Name Type the user name for authentication Password Type the password for authentication Enable E mail Alert Check the box to sen...

Page 221: ...use the browser time from the remote administrator PC host as router s system time Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time P...

Page 222: ...box es to specify Disable PING from the Internet Check the checkbox to reject all PING packets from the Internet For security issue this function is enabled by default Access List You could specify t...

Page 223: ...3 3 1 14 4 8 8 R Re eb bo oo ot t S Sy ys st te em m The Web Configurator may be used to restart your router Click Reboot System from System Maintenance to open the following page If you want to rebo...

Page 224: ...an example Note that this example is running over Windows OS Operating System Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www draytek com or local DrayTek...

Page 225: ...agnostics 3 3 1 15 5 1 1 D Di ia al l o ou ut t T Tr ri ig gg ge er r Click Diagnostics and click Dial out Trigger to open the web page The internet connection e g ISDN PPPoE PPPoA etc is triggered by...

Page 226: ...reload the page 3 3 1 15 5 3 3 A AR RP P C Ca ac ch he e T Ta ab bl le e Click Diagnostics and click ARP Cache Table to view the content of the ARP Address Resolution Protocol cache held in the router...

Page 227: ...assigned by this router for specified PC MAC Address It displays the MAC address for the specified PC that DHCP assigned IP address for it Leased Time It displays the leased time of the specified PC...

Page 228: ...lick Ping Diagnosis to pen the web page Ping through Use the drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically...

Page 229: ...lick IP Address TX rate RX rate or Session link for arranging the data display Enable Data Flow Monitor Check this box to enable this function Refresh Seconds Use the drop down list to choose the time...

Page 230: ...remaining time will be shown on the session column 3 3 1 15 5 8 8 T Tr ra af ff fi ic c G Gr ra ap ph h Click Diagnostics and click Traffic Graph to pen the web page Choose WAN1 Bandwidth WAN2 Bandwid...

Page 231: ...box and click Run The result of route trace will be shown on the screen Trace through Use the drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be dete...

Page 232: ...Vigor2820 Series User s Guide 224 This page is left blank...

Page 233: ...y want to connect to network securely such as the remote branch office and headquarter According to the network structure as shown in the below illustration you may follow the steps to create a LAN to...

Page 234: ...number to edit a profile 4 Set Common Settings as shown below You should enable both of VPN connections because any one of the parties may start the VPN connection 5 Set Dial Out Settings as shown bel...

Page 235: ...ression for this Dial Out connection 6 Set Dial In settings to as shown below to allow Router B dial in to build VPN connection If an IPSec based service is selected you may further specify the remote...

Page 236: ...for this Dial In connection 7 At last set the remote network IP subnet in TCP IP Network Settings so that Router A can direct the packets destined to the remote network to Router B via the VPN connec...

Page 237: ...etup such as the pre shared key that both parties have known 3 Go to LAN to LAN Click on one index number to edit a profile 4 Set Common Settings as shown below You should enable both of VPN connectio...

Page 238: ...rname Password PPP Authentication and VJ Compression for this Dial Out connection 6 Set Dial In settings to as shown below to allow Router A dial in to build VPN connection If an IPSec based service i...

Page 239: ...rther specify the remote peer IP Address Username Password and VJ Compression for this Dial In connection 7 At last set the remote network IP subnet in TCP IP Network Settings so that Router B can dir...

Page 240: ...as shown in the below illustration you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host Settings in VPN Router in the enterprise office 1 Go to VPN...

Page 241: ...ion If an IPSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the...

Page 242: ...please use Network and Dial up connections or Smart VPN Client complimentary software to help you create PPTP L2TP and L2TP over IPSec tunnel You can find it in CD ROM in the package or go to www dray...

Page 243: ...uthentication method If the Pre Shared Key is selected it should be consistent with the one set in VPN router If a PPP based service is selected you should further specify the remote VPN server IP add...

Page 244: ...tt ti in ng g E Ex xa am mp pl le e Assume a teleworker sometimes works at home and takes care of children When working time he would use Vigor router at home to connect to the server in the headquart...

Page 245: ...Guide 237 3 Return to previous page Enter the Name of Index Class 1 by clicking Edit link Type the name E mail for Class 1 4 For this index the user will set reserved bandwidth e g 25 for E mail using...

Page 246: ...up link for WAN1 7 Check Enable UDP Bandwidth Control on the bottom to prevent enormous UDP traffic of VoIP influent other application Click OK 8 If the worker has connected to the headquarter using h...

Page 247: ...39 9 Click Edit to open the following window Check the ACT box first 10 Then click Edit of Local Address to set a worker s subnet address Click Edit of Remote Address to set headquarter s IP address L...

Page 248: ...vate IP address Subnet Mask is 192 168 1 1 255 255 255 0 The built in DHCP server is enabled so it assigns every local NATed host an IP address of 192 168 1 x starting from 192 168 1 10 You can just s...

Page 249: ...usage 4 4 5 5 C Ca al ll li in ng g S Sc ce en na ar ri io o f fo or r V Vo oI IP P f fu un nc ct ti io on n 4 4 5 5 1 1 C Ca al ll li in ng g v vi ia a S SI IP P S Se ev ve er r Example 1 Both John a...

Page 250: ...ue CODEC RTP DTMF Use default value John calls David He picks up the phone and dials 1111 DialPlan Phone Number for David Settings for David DialPlan index 1 Phone Number 2222 Display Name John SIP UR...

Page 251: ...se default value CODEC RTP DTMF Use default value John calls David He picks up the phone and dials 1111 DialPlan Phone Number for David Or He picks up the phone and dials 4321 David s Account Name Set...

Page 252: ...ain Realm blank Proxy blank Act as outbound proxy unchecked Display Name Arnor Account Name 1234 Authentication ID unchecked Password blank Expiry Time use default value CODEC RTP DTMF Use default val...

Page 253: ...click Install Now under Syslog description to install the corresponding program 4 The file RTSxxx exe will be asked to copy onto your computer Remember the place of storing the execution file 5 Go to...

Page 254: ...Programs and choose Router Tools XXX Firmware Upgrade Utility 12 Type in your router IP usually 192 168 1 1 13 Click the button to the right side of Firmware file typing box Locate the files that you...

Page 255: ...ide 247 14 Click Send 15 Now the firmware update is finished 4 4 7 7 R Re eq qu ue es st t a a c ce er rt ti if fi ic ca at te e f fr ro om m a a C CA A s se er rv ve er r o on n W Wi in nd do ow ws s...

Page 256: ...e Management and choose Local Certificate 2 You can click GENERATE button to start to edit a certificate request Enter the information in the certificate request 3 Copy and save the X509 Local Certifi...

Page 257: ...ake a Windows 2000 CA server for example Select Request a Certificate Select Advanced request Select Submit a certificate request a base64 encoded PKCS 10 file or a renewal request using a base64 enco...

Page 258: ...te Now you should get a certificate cer file and save it 5 Back to Vigor router go to Local Certificate Click IMPORT button and browse the file to import the certificate cer file into Vigor router Whe...

Page 259: ...ti if fi ic ca at te e a an nd d S Se et t a as s T Tr ru us st te ed d o on n W Wi in nd do ow ws s C CA A S Se er rv ve er r 1 Use web browser connecting to the CA server that you would like to retr...

Page 260: ...d CA Certificate Click IMPORT button and browse the file to import the certificate cer file into Vigor router When finished click refresh and you will find the below illustration 4 You may review the...

Page 261: ...cking to factory default setting if necessary If all above stages are done and the router still cannot run normally it is the time for you to contact your dealer for advanced help 5 5 1 1 C Ch he ec c...

Page 262: ...er trying the above section if the link is stilled failed please do the steps listed below to make sure the network connection settings is OK F Fo or r W Wi in nd do ow ws s The example is based on Wi...

Page 263: ...atically and Obtain DNS server address automatically F Fo or r M Ma ac cO Os s 1 Double click on the current used MacOs on the desktop 2 Open the Application folder and get into Network 3 On the Netwo...

Page 264: ...router correctly F Fo or r W Wi in nd do ow ws s 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP The DOS command dialog will app...

Page 265: ...No ot t Click WAN Internet Access and then check whether the ISP settings are set correctly Click WAN1 or WAN2 link to review the settings that you configured previously F Fo or r P PP PP Po oE E U Us...

Page 266: ...A A U Us se er rs s 1 Check if the Enable option is selected 2 Check if DSL Modem Settings is set appropriately Check if IP Address Subnet Mask and Gateway are set correctly must identify with the val...

Page 267: ...n is selected 2 Check if IP address Subnet Mask and Gateway are entered with correct values that you got from your ISP F Fo or r P PP PT TP P U Us se er rs s 1 Check if the Enable option for PPTP Link...

Page 268: ...oblem of system Please open DrayTek Syslog Tool to capture the connection information WAN Log and send the page similar to the following graphic to the service center of DrayTek T Tr ra an ns sm mi is...

Page 269: ...he router is running ACT LED blinking press the Factory Reset button and hold for more than 5 seconds When you see the ACT LED blinks rapidly please release the button Then the router will restart wit...