manualshive.com logo in svg

Draytek Vigor2926, User Manual

The Draytek Vigor2926 user manual is an essential resource for maximizing the potential of this powerful networking device. You can easily download the comprehensive manual for free from our website, ensuring you have access to all the necessary guidance and instructions needed to optimize your experience with the Vigor2926.

Share
Download
background image

 

Vigor2926 Series User’s Guide

 

261

I

I

I

I

I

I

-

-

1

1

-

-

1

1

2

2

 

 

B

B

a

a

n

n

d

d

 

 

S

S

t

t

e

e

e

e

r

r

i

i

n

n

g

g

 

 

Band Steering detects if the wireless clients are capable of 5GHz operation, and steers them 

to that frequency. It helps to leave 2.4GHz band available for legacy clients, and improves 
users experience by reducing channel utilization. 

 

If dual-band is detected, the AP will let the wireless client connect to less congested wireless 

LAN, such as 5GHz to prevent from network congestion. 

 

 

 

Info 

 

To make Band Steering work successfully, SSID and security on 2.4GHz also 

MUST be broadcasted on 5GHz. 

Summary of Contents for Vigor2926

Page 1: ...i ...

Page 2: ...Vigor2926 Series User s Guide ii Vigor2926 Series Dual WAN Security Router User s Guide Version 1 0 Firmware Version V3 8 7 For future update please visit DrayTek web site Date November 7 2017 ...

Page 3: ...warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workma...

Page 4: ...Vigor2926 Series User s Guide iv ...

Page 5: ...al Panel 25 I 5 2 Name with a Link 25 I 5 3 Status for LTE 26 I 5 4 Quick Access for Common Used Menu 26 I 5 5 GUI Map 27 I 5 6 Web Console 28 I 5 7 Config Backup 29 I 5 8 Logout 29 I 5 9 Online Status 30 I 5 9 1 Physical Connection 30 I 5 9 2 Virtual WAN 32 I 6 Quick Start Wizard 33 I 6 1 For WAN1 WAN2 Ethernet 34 I 6 2 For WAN3 WAN4 USB 42 I 6 3 For LTE WAN 44 I 7 Service Activation Wizard 46 I ...

Page 6: ...3 Multi VLAN 87 II 1 4 WAN Budget 91 II 1 4 1 General Setup 91 II 1 4 2 Status 93 Application Notes 94 A 1 How to configure settings for IPv6 Service in Vigor2926 94 II 2 LAN 106 Web User Interface 108 II 2 1 General Setup 108 II 2 1 1 Details Page for LAN1 Ethernet TCP IP and DHCP Setup 110 II 2 1 2 Details Page for LAN2 LAN5 and DMZ 112 II 2 1 3 Details Page for IP Routed Subnet 114 II 2 1 4 Det...

Page 7: ... 1X General Setup 182 Application Notes 184 A 1 How to use DrayDDNS 184 A 2 How to Configure Customized DDNS 189 A 3 How to Implement the LDAP AD Authentication for User Management 193 II 6 Routing 196 Web User Interface 197 II 6 1 Static Route 197 II 6 2 Load Balance Route Policy 202 II 6 2 1 General Setup 202 II 6 2 2 Diagnose 207 II 6 3 BGP Routing 210 II 6 3 1 Basic Settings 210 II 6 3 1 Stati...

Page 8: ...I 1 13 Roaming 265 III 1 14 Station List 266 Part IV VoIP 267 IV 1 VoIP 268 Web User Interface 270 IV 1 1 VoIP Wizard 270 IV 1 2 General Settings 272 IV 1 3 SIP Accounts 275 IV 1 4 DialPlan 280 IV 1 4 1 Phone Book 280 IV 1 4 2 Digit Map 282 IV 1 4 3 Call Barring 284 IV 1 4 4 Regional 286 IV 1 4 5 PSTN Setup 287 IV 1 5 Phone Settings 288 IV 1 6 Status 292 Part V VPN 295 V 1 VPN and Remote Access 29...

Page 9: ...ity 361 VI 1 Firewall 362 Web User Interface 364 VI 1 1 General Setup 364 VI 1 2 Filter Setup 369 VI 1 3 DoS Defense 380 VI 1 4 Diagnose 383 Application Notes 386 A 1 How to Configure Certain Computers Accessing to Internet 386 VI 2 Central Security Management CSM 390 Web User Interface 391 VI 2 1 APP Enforcement Profile 391 VI 2 2 APPE Signature Upgrade 395 VI 2 3 URL Content Filter Profile 397 V...

Page 10: ...460 VII 2 3 Quality of Service 462 VII 2 4 APP QoS 469 Application Notes 471 A 1 How to Optimize the Bandwidth through QoS Technology 471 A 2 QoS Setting Example 475 VII 3 User Management 480 Web User Interface 481 VII 3 1 General Setup 481 VII 3 2 User Profile 483 VII 3 3 User Group 488 VII 3 4 User Online Status 489 Application Notes 491 A 1 How to authenticate clients via User Management 491 A ...

Page 11: ...to upgrade CPE firmware through Vigor2926 series 550 VII 6 Central Management AP 553 Web User Interface 554 VII 6 1 Dashboard 554 VII 6 2 Status 555 VII 6 3 WLAN Profile 556 VII 6 4 AP Maintenance 561 VII 6 5 AP Map 562 VII 6 6 Traffic Graph 565 VII 6 7 Rogue AP Detection 566 VII 6 8 Event Log 569 VII 6 9 Total Traffic 569 VII 6 10 Station Number 570 VII 6 11 Load Balance 570 VII 6 12 Function Sup...

Page 12: ...fication Object 619 VIII 1 12 String Object 621 VIII 1 13 Country Object 622 Application Notes 624 A 1 How to Send a Notification to Specified Phone Number via SMS Service in WAN Disconnection 624 VIII 2 USB Application 628 Web User Interface 629 VIII 2 1 USB General Settings 629 VIII 2 2 USB User Management 630 VIII 2 3 File Explorer 632 VIII 2 4 USB Device Status 633 VIII 2 5 Temperature Sensor ...

Page 13: ...thentication Information 662 IX 1 17 DoS Flood Table 663 IX 1 18 Route Policy Diagnosis 665 IX 2 Checking If the Hardware Status Is OK or Not 667 IX 3 Checking If the Network Connection Settings on Your Computer Is OK or Not 668 IX 4 Pinging the Router from Your Computer 671 IX 5 Checking If the ISP Settings are OK or Not 673 IX 6 Problems for 3G 4G Network Connection 674 IX 7 Backing to Factory D...

Page 14: ......

Page 15: ...P Pa ar rt t I I I In ns st ta al ll la at ti io on n This part will introduce Vigor router and guide to install the device in hardware and software ...

Page 16: ......

Page 17: ...inside Object based firewall is flexible and allows your network be safe User Management implemented on your router firmware can allow you to prevent any computer from accessing your Internet connection without a username or password You can also allocate time budgets to your employees within office network With the 6 port Gigabit switch on the LAN side provides extremely high speed connectivity f...

Page 18: ...deactivated LTE Blinking Quickly The data is transmitting Slowly LTE device is in dialing up procedure On USB device is connected and ready for use USB1 USB2 USB Blinking The data is transmitting WCF On The Web Content Filter is active It is enabled from Firewall General Setup On The VPN tunnel is active Off VPN service is disabled VPN Blinking Traffic is passing through VPN tunnel On The DMZ func...

Page 19: ...e ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration LAN1 LAN5 Connecters for local network devices WAN1 WAN2 Connecter for local network devices or modem for accessing Internet USB1 USB2 Connector for a USB device for 3G 4G USB Modem or printer or Environmental Thermometer PWR Connecter for a power adapter ON OFF Power...

Page 20: ... or encounters troubles e g No SIM SIM PIN error SIM deactivated LTE Blinking Quickly The data is transmitting Slowly LTE device is in dialing up procedure On USB device is connected and ready for use USB Blinking The data is transmitting WCF On The Web Content Filter is active It is enabled from Firewall General Setup On 2 4G 5G Wireless access point with bandwidth of 2 4GHz 5GHz is ready WLAN Wi...

Page 21: ...eft LED Blinking The data is transmitting On The port is connected with 1000Mbps LAN1 LAN4 Right LED Off The port is connected with 10 100Mbps On The port is connected Off The port is disconnected Left LED Blinking The data is transmitting On The port is connected with 1000Mbps WAN1 WAN2 Right LED Off The port is connected with 10 100Mbps ...

Page 22: ...ll be switched changed according to the button pressed and released For example 2 4G On and 5G On in default 2 4G Off and 5G On pressed and released the button once 2 4G On and 5G Off pressed and released the button twice 2 4G Off and 5G Off pressed and released the button three times When WPS function is enabled by web user interface press this button for more than 2 seconds to wait for client s ...

Page 23: ...iguration LAN1 LAN4 Connecters for local network devices WAN1 WAN2 Connecter for local network devices or modem for accessing Internet USB1 2 USB Connecter for a USB device for 3G 4G USB Modem or printer or thermometer PWR Connecter for a power adapter ON OFF Power Switch SIM Card Slot Connector for a SIM card ...

Page 24: ...f The phone connected to this port is on hook Phone1 Phone2 Blinking A phone call comes On Wireless access point with bandwidth of 2 4GHz 5GHz is ready 2 4G 5G Blinking It will blink slowly while wireless traffic goes through ACT and WLAN LEDs blink quickly and simultaneously when WPS is working and will return to normal condition after two minutes You need to setup WPS within 2 minutes LED on Con...

Page 25: ... client s device making network connection through WPS Factory Reset Restore the default settings Usage Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration USB1 USB2 Connecter for a USB device for 3G 4G USB Modem or pr...

Page 26: ...talled on the extension base before connecting to Vigor router There are two mounting holes for installing antennas with extension base on Vigor router Please install them as shown below Note if only one antenna shall be installed please use the mounting hole major signal transmitted hole near to the SIM card slot Extension Base Extension Base SIM Card Slot Major Signal Transmitted Hole ...

Page 27: ... the left side There are two types of antennas provided for Vigor2862Ln Vigor2862Lac which must be installed in different locations carefully and correctly Wrong installation might cause bad signal of wireless connection Therefore pay attention to the installation of antennas by referring to the following illustration SMA jack for WLAN Antenna SMA jack for LTE Antenna with extension base ...

Page 28: ...SL Modem Media Converter to any WAN port of router with Ethernet cable RJ 45 2 Connect one end of an Ethernet cable RJ 45 to one of the LAN ports of the router and the other end of the cable RJ 45 into the Ethernet port on your computer 3 Connect one end of the power adapter to the router s power port on the rear panel and the other side into a wall outlet 4 Power on the device by pressing down th...

Page 29: ...provided on the Vigor router packaging box to enable you to space the screws correctly on the wall 2 Place the template on the wall and drill the holes according to the recommended instruction 3 Fit screws into the wall using the appropriate type of wall plug Note The recommended drill diameter shall be 6 5mm 1 4 4 When you finished about procedure the router has been mounted on the wall firmly ...

Page 30: ...PCs connected this router can print documents via the router The example provided here is made based on Windows 7 For other Windows system please visit www DrayTek com Before using it please follow the steps below to configure settings for connected computers or wireless clients 1 Connect the printer with the router through USB parallel port 2 Open All Programs Getting Started Devices and Printers...

Page 31: ...ser s Guide 15 4 A dialog will appear Click Add a local printer and click Next 5 In this dialog choose Create a new port In the field of Type of port use the drop down list to select Standard TCP IP Port Then click Next ...

Page 32: ... User s Guide 16 6 In the following dialog type 192 168 1 1 router s LAN IP in the field of Hostname or IP Address and type 192 168 1 1 as the Port name Then click Next 7 Click Standard and choose Generic Network Card ...

Page 33: ... your system will ask you to choose right name of the printer that you installed onto the router Such step can make correct driver loaded onto your PC When you finish the selection click Next 9 Type a name for the chosen printer Click Next ...

Page 34: ...Vigor2926 Series User s Guide 18 10 Choose Do not share this printer and click Next 11 Then in the following dialog click Finish ...

Page 35: ...Guide 19 12 The new printer has been added and displayed under Printers and Faxes Click the new printer icon and click Printer server properties 13 Edit the property of the new printer you have added by clicking Configure Port ...

Page 36: ...for choosing the correct protocol and LPR name The printer can be used for printing now Most of the printers with different manufacturers are compatible with vigor router Info Some printers with the fax scanning or other additional functions are not supported Vigor router supports printing request from computers via LAN ports but not WAN port ...

Page 37: ...the same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of the guide 2 Open a web browser on your PC and type http 192 168 1 1 The following window will be open to ask for username and password 3 Please type admin admin as the Username Password and click Login Info If you fail to access to the web configu...

Page 38: ...page will be different slightly in accordance with the type of the router you have 5 The web page can be logged out according to the chosen condition The default setting is Auto Logout which means the web configuration system will logout after 5 minutes without any operation Change the setting for your necessity ...

Page 39: ...into the web user interface with admin mode 3 Go to System Maintenance page and choose Administrator Password 4 Enter the login password the default is admin on the field of Old Password Type New Password and Confirm Password Then click OK to continue Info The maximum length of the password you can set is 23 characters 5 Now the password has been changed Next time use the new password to access th...

Page 40: ... status including System Information IPv4 Internet Access IPv6 Internet Access Interface physical connection Security and Quick Access Click Dashboard from the main menu on the left side of the main page A web page with default selections will be displayed on the screen Refer to the following figure ...

Page 41: ...ction is not working LED left side Green It means the router or the function is working Black It means no USB device is connected USB Green It means a USB device is connected Black It means such port is disconnected Green It means such port is connected with Giga transmission rate 1Gbps physically Ethernet Port WAN LAN Orange It means such port is connected with 10 100 Mbps physically For detailed...

Page 42: ...mportant and common used menu items which can be accessed in a quick way just for convenience Look at the right side of the Dashboard You will find a group of common used functions grouped under Quick Access The function links of System Status Dynamic DDNS TR 069 User Management IM P2P Block Schedule Syslog Mail Alert LDAP RADIUS Firewall Object Setting and Data Flow Monitor are displayed here Mov...

Page 43: ...including wireless clients displayed with Host ID IP Address and MAC address indicates that the traffic would be transmitted through LAN port s and then the WAN port The purpose is to perform the traffic monitor of the host s I I 5 5 5 5 G GU UI I M Ma ap p All the functions the router supports are listed with table clearly in this page Users can click the function link to access into the setting ...

Page 44: ...elnet command via DOS prompt The changes made by using web console have the same effects as modified through web user interface The functions settings modified under Web Console also can be reviewed on the web user interface Click the Web Console icon on the top of the main screen to open the following screen ...

Page 45: ...e Config Backup icon It allows you to backup current settings as a file Such configuration file can be restored by using System Maintenance Configuration Backup Simply click the icon on the top of the main screen and a pop up dialog will appear Click Save to store the setting I I 5 5 8 8 L Lo og go ou ut t Click this icon to exit the web user interface ...

Page 46: ...9 1 1 P Ph hy ys si ic ca al l C Co on nn ne ec ct ti io on n Such page displays the physical connection status such as LAN connection status WAN connection status ADSL information and so on P Ph hy ys si ic ca al l C Co on nn ne ec ct ti io on n f fo or r I IP Pv v4 4 P Pr ro ot to oc co ol l ...

Page 47: ...rface TX Packets Displays the total transmitted packets at the LAN interface RX Packets Displays the total received packets at the LAN interface WAN1 WAN2 WAN3 WAN4 Status Enable Yes in red means such interface is available but not enabled Yes in green means such interface is enabled Line Displays the physical connection VDSL ADSL Ethernet or USB of this interface Name Display the name of the rout...

Page 48: ... Displays the speed of received octets at the LAN interface WAN IPv6 Status Enable No in red means such interface is available but not enabled Yes in green means such interface is enabled No in red means such interface is not available Mode Displays the type of WAN connection e g TSPC Up Time Displays the total uptime of the interface IP Displays the IP address of the WAN interface Gateway IP Disp...

Page 49: ...e click Next On the next page as shown below please select the WAN interface that you use If Ethernet interface is used please choose WAN1 WAN2 if 3G 4G USB modem is used please choose WAN3 WAN4 if LTE SIM card is used please choose LTE Then click Next for next step WAN1 WAN2 WAN3 LTE and WAN4 will bring up different configuration page Refer to the following for detailed information In which WAN3 ...

Page 50: ...pe Then click Next On the next page as shown below please select the appropriate Internet access type according to the information from your ISP For example you should select PPPoE mode if the ISP provides you PPPoE interface Then click Next for next step P PP PP Po oE E 1 Choose WAN1 WAN2 as the WAN Interface and click the Next button The following page will be open for you to specify Internet Ac...

Page 51: ...e Username Assign a specific valid user name provided by the ISP Note The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you can set is 62 characters Confirm Password Retype the password Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Cl...

Page 52: ...r the Username Password provided by your ISP Click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 53: ...Available settings are explained as follows Item Description Username Assign a specific valid user name provided by the ISP Note The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you can set is 62 characters Confirm Password Retype the password WAN IP Configuration Obtain an IP address autom...

Page 54: ...server Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 Please type in the IP address mask gateway information originally provided by your ISP Then click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protoc...

Page 55: ...et Access type Simply click Next to continue Available settings are explained as follows Item Description WAN IP Type the IP address Subnet Mask Type the subnet mask Gateway Type the IP address of gateway Primary DNS Type in the primary IP address for the router Secondary DNS Type in secondary IP address for necessity in the future Back Click it to return to previous setting page Next Click it to ...

Page 56: ...h A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet D DH HC CP P 1 Choose WAN2 as the WAN Interface and choose Ethernet as the Physical Mode Click the Next button The following page will be open for you to specify Internet Access Type 2 Click DHCP as the Internet Access type Simply click Next to conti...

Page 57: ...s 39 characters MAC Some Cable service providers specify a specific MAC address for access authentication In such cases you need to enter the MAC address Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 After finished the settings above click Next for viewing summary of such connection ...

Page 58: ...enjoy surfing on the Internet I I 6 6 2 2 F Fo or r W WA AN N3 3 W WA AN N4 4 U US SB B WAN3 WAN4 is dedicated to physical mode in USB 1 Choose WAN3 WAN4 as WAN Interface 2 Then click Next for getting the following page Available settings are explained as follows Item Description Internet Access Choose one of the selections as the protocol of accessing the internet ...

Page 59: ...required by some ISPs Type the name and click Apply 3G 4G USB Modem DHCP mode SIM Pin code Type PIN code of the SIM card that will be used to access Internet Network Mode Force Vigor router to connect Internet with the mode specified here If you choose 4G 3G 2G as network mode the router will choose a suitable one according to the actual wireless signal automatically APN Name APN means Access Poin...

Page 60: ...HCP mode is the only choice for LTE WAN 3G 4G USB Modem DHCP mode SIM Pin code Type PIN code of the SIM card that will be used to access Internet Network Mode Force Vigor router to connect Internet with the mode specified here If you choose 4G 3G 2G as network mode the router will choose a suitable one according to the actual wireless signal automatically APN Name APN means Access Point Name which...

Page 61: ...information originally provided by your ISP Then click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 62: ...zard is a tool which allows you to use trial version of WCF directly without accessing into the server MyVigor located on http myvigor draytek com For using Web Content Filter Profile please refer to later section Web Content Filter Profile for detailed information Now follow the steps listed below to activate WCF feature for your router Info Such function is available only for Admin Mode 1 Open W...

Page 63: ...yan GlobalView WCF package from retailing outlets DT APPE developed by DrayTek offers a mechanism to upgrade APPE signature automatically 3 Setting confirmation page will be displayed as follows please click Activate Info The service will be activated and applied as the default rule configured in Firewall General Setup 4 Now the web page will display the service that you have activated according t...

Page 64: ...o register your Vigor router to MyVigor website for getting more service Please follow the steps below to finish the router registration 1 Please login the web configuration interface of Vigor router by typing admin admin as User Name Password 2 Click Support Area Production Registration from the home page 3 A Login page will be shown on the screen Please type the account and password that you cre...

Page 65: ...llowing page will be displayed after you logging in MyVigor When the following page appears please type in Nickname for the router and choose the right registration date from the popup calendar it appears when you click on the box of Registration Date Click Add 5 When the following page appears your router information has been added to the database 6 After clicking OK you will see the following pa...

Page 66: ...Vigor2926 Series User s Guide 50 This page is left blank ...

Page 67: ...d and ruled by router The design of network structure is related to what type of public IP addresses coming from your ISP When the data flow passing through the Network Address Translation NAT function of the router will dedicate to translate public private addresses and the packets will be delivered to the correct host PC in the local area network DDNS LAN DNS IGMP LDAP UPnP WOL RADIUS SMS Bonjou...

Page 68: ...blic private addresses and the packets will be delivered to the correct host PC in the local area network Thus all the host PCs can share a common Internet connection G Ge et t Y Yo ou ur r P Pu ub bl li ic c I IP P A Ad dd dr re es ss s f fr ro om m I IS SP P In ADSL deployment the PPP Point to Point style authentication and authorization is required for bridging customer premises equipment CPE P...

Page 69: ...nd Load Balance can be done in the router Besides 3G 4G USB Modem in WAN3 also can be used as backup device Therefore when WAN1 and WAN2 are not available the router will use 3 5G for supporting automatically The supported 3G 4G USB Modem will be listed on DrayTek web site Please visit www draytek com for more detailed information L LT TE E A Ap pp pl li ic ca at ti io on n ...

Page 70: ... if the ISPs use different technology to provide telecommunication service such as DSL Cable modem etc If any connection problem occurred on one of the ISP connections all the traffic will be guided and switched to the normal communication port for proper operation Please configure WAN1 WAN2 WAN3 or LTE and WAN4 settings This webpage allows you to set general setup for WAN1 WAN2 WAN3 or LTE and WA...

Page 71: ...e site need authentication e g FTP If you have no strong demand about speed test result keep default settings as IP based Index Click the WAN interface link under Index to access into the WAN configuration page Enable V means such WAN interface is enabled and ready to be used Physical Mode Type Display the physical mode and physical type of such WAN interface Line Speed Kbps DownLink UpLink Displa...

Page 72: ...ysical type for WAN2 or choose Auto negotiation for determined by the system Line Speed If your choose According to Line Speed as the Load Balance Mode please type the line speed for downloading and uploading for such WAN interface The unit is kbps Active Mode Choose Always On to make the WAN connection be activated always Load Balance Check this box to enable auto load balance function for such W...

Page 73: ...ny of the selected WAN disconnect Such backup WAN will be activated when any master WAN interface disconnects All of the selected WAN disconnect Such backup WAN will be activated only when all master WAN interfaces disconnect VLAN Tag insertion Enable Enable the function of VLAN with tag The router will add specific VLAN number to all packets on the WAN while sending them out Please type the tag v...

Page 74: ...s Item Description Enable Choose Yes to invoke the settings for this WAN interface Choose No to disable the settings for this WAN interface Display Name Type the description for such WAN interface Physical Mode Display the physical mode of such WAN interface Line Speed If your choose According to Line Speed as the Load Balance Mode please type the line speed for downloading and uploading for such ...

Page 75: ... WAN failed such WAN will be activated as the main network connection Traffic Threshold When the data traffic of active WAN reaches the traffic threshold specified here the failover WAN will be enabled automatically to share the overloaded data traffic Active When If you choose Failover as the Active Mode Active When will appear Please specify which WAN will be the Backup interface Any of the sele...

Page 76: ... function the users can set different WAN settings for WAN1 WAN2 WAN3 or LTE WAN4 for Internet Access Due to different Physical Mode for WAN interface the Access Mode for these connections also varies Refer to the following figures for examples Access Mode for Etherenet Access Mode for USB Access Mode for LTE for L model only ...

Page 77: ...choose in WAN interface IPv6 This button will open different web page based on Physical Mode to setup IPv6 Internet Access Mode for WAN interface If IPv6 service is active on this WAN interface the color of IPv6 will become green Advanced This button allows you to configure DHCP client options DHCP packets can be processed by adding option number and data information when such function is enabled ...

Page 78: ... P Ph hy ys si ic ca al l M Mo od de e E Et th he er rn ne et t To use PPPoE as the accessing protocol of the internet please click the PPPoE tab The following web page will be shown Available settings are explained as follows Item Description Enable Disable Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this pa...

Page 79: ...o access into Internet Note To have PPPoA Pass through please choose PPPoA protocol and check the box es here The router will behave like a modem which only serves the PPPoE client on the LAN That s the router will offer PPPoA dial up connection WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP D...

Page 80: ...PP Authentication Select PAP only or PAP or CHAP for PPP Idle Timeout Set the timeout for breaking down the Internet after passing through the time without any action IP Address Assignment Method IPCP Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this ...

Page 81: ...ddress or many IP address to the WAN interface To use Static or Dynamic IP as the accessing protocol of the internet please click the Static or Dynamic IP tab The following web page will be shown Available settings are explained as follows Item Description Enable Disable Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjust...

Page 82: ... operation Ping Retry Type the number of times that the system is allowed to execute the PING operation before WAN disconnection is judged MTU It means Max Transmit Unit for packet Path MTU Discovery It is used to detect the maximum MTU size of a packet not to be segmented in specific transmit path Click Detect to open the following dialog Path MTU to Type the IP address as the specific transmit p...

Page 83: ...blic IP addresses other than the current one you are using Obtain an IP address automatically Click this button to obtain the IP address automatically if you want to use Dynamic IP mode Router Name Type in the router name provided by ISP Domain Name Type in the domain name that you have assigned DHCP Client Identifier for some ISP Enable Check the box to specify username and password as the DHCP c...

Page 84: ...Click this radio button to close the connection through PPTP or L2TP Server Address Specify the IP address of the PPTP L2TP server if you enable PPTP L2TP client mode Specify Gateway IP Address Specify the gateway IP address for DHCP server ISP Access Setup Username Type in the username provided by ISP in this field The maximum length of the user name you can set is 63 characters Password Type in ...

Page 85: ...ultiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 32 public IP addresses other than the current one you are using Fixed IP Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case y...

Page 86: ...the internet please choose Internet Access from WAN menu Then select 3G 4G USB Modem PPP mode for WAN3 The following web page will be shown Available settings are explained as follows Item Description Modem Support List It lists all of the modems supported by such router 3G 4G USB Modem PPP mode Click Enable for activating this function If you click Disable this function will be closed and all the...

Page 87: ...h of the name you can set is 63 characters PPP Password Type the PPP password optional The maximum length of the password you can set is 62 characters PPP Authentication Select PAP only or PAP or CHAP for PPP Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page and you can use the number th...

Page 88: ... of the internet please choose Internet Access from WAN menu Then select 3G 4G USB Modem DHCP mode for WAN3 WAN4 The following web page will be shown Available settings are explained as follows Item Description Modem Support List It lists all of the modems supported by such router 3G 4G USB Modem DHCP mode Click Enable for activating this function If you click Disable this function will be closed ...

Page 89: ... pinging Ping Gateway IP If you choose Ping Detect as detection mode you also can enable this setting to use current WAN gateway IP address for pinging With the IP address es pinging Vigor router can check if the WAN connection is on or off TTL Time to Live Set TTL value of PING operation Ping Interval Type the interval for the system to execute the PING operation Ping Retry Type the number of tim...

Page 90: ...CP mode as the accessing protocol of the internet please choose Internet Access from WAN menu Then select 3G 4G USB Modem DHCP mode for LTE The following web page will be shown Available settings are explained as follows Item Description 3G 4G USB Modem DHCP mode Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in th...

Page 91: ...TU value such as 1500 1492 1484 and etc automatically Detect Click it to detect a suitable MTU value Accept After clicking it the detected value will be displayed in the field of MTU LTE hardware version The hardware version of the embedded LTE module WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose...

Page 92: ... 1 1 2 2 8 8 D De et ta ai il ls s P Pa ag ge e f fo or r I IP Pv v6 6 P PP PP P i in n W WA AN N1 1 W WA AN N2 2 During the procedure of IPv4 PPPoE connection we can get the IPv6 Link Local Address between the gateway and Vigor router through IPv6CP Later use DHCPv6 or accept RA to acquire the IPv6 prefix address such as 2001 B010 7300 200 64 offered by the ISP In addition PCs under LAN also can ...

Page 93: ...is available for the areas such as Taiwan hinet the Netherlands Australia and UK I II I 1 1 2 2 9 9 D De et ta ai il ls s P Pa ag ge e f fo or r I IP Pv v6 6 T TS SP PC C i in n W WA AN N1 1 W WA AN N2 2 W WA AN N3 3 W WA AN N4 4 Tunnel setup protocol client TSPC is an application which could help you to connect to IPv6 network easily Please make sure your IPv4 WAN connection is OK and apply one f...

Page 94: ...Broker Type the address for the tunnel broker IP FQDN or an optional port number WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Always On means no detection will be executed The network connection will be on always Ping IP Hostname If you choo...

Page 95: ... password The maximum length of the name you can set is 19 characters Password Type the password assigned with the user name The maximum length of the password you can set is 19 characters Tunnel Broker It means a server of AICCU The server can provide IPv6 tunnels to sites or end users over IPv4 Type the address for the tunnel broker IP FQDN or an optional port number Tunnel ID One user account m...

Page 96: ...tect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live If you choose Ping Detect as detection mode you have to type TTL value After finished the above settings click OK to save the settings ...

Page 97: ... means no detection will be executed The network connection will be on always Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live If you choose Ping Detect as detection mode you have to type TTL value RIPng Protocol RIPng RIP next generation offers the same functions and benefits as IPv4 RIP v2 Bridge Mode Enable Bridg...

Page 98: ...ype the fixed value for prefix length Add Click it to add a new entry Update Click it to modify an existed entry Delete Click it to remove an existed entry Current IPv6 Address Table Display current interface IPv6 address Static IPv6 Gateway Configuration IPv6 Gateway Address Type your IPv6 gateway address here WAN Connection Detection Such function allows you to verify whether network connection ...

Page 99: ...tion is enabled the router will work as a bridge modem Enable Firewall It is available when Bridge Mode is enabled When both Bridge Mode and Firewall check boxes are enabled the settings configured user profiles under User Management will be ignored And all of the filter rules defined and enabled in Firewall menu will be activated Bridge Subnet Make a bridge between the selected LAN subnet and suc...

Page 100: ...erver 6in4 IPv6 Address Type the static IPv6 address for IPv4 tunnel with the value for prefix length LAN Routed Prefix Type the static IPv6 address for LAN routing with the value for prefix length Tunnel TTL Type the number for the data lifetime in tunnel WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose Always O...

Page 101: ...ta ai il ls s P Pa ag ge e f fo or r I IP Pv v6 6 6 6r rd d i in n W WA AN N1 1 W WA AN N2 2 This type allows you to setup 6rd for WAN interface Available settings are explained as follows Item Description 6rd Mode Auto 6rd Retrieve 6rd prefix automatically from 6rd service provider The IPv4 WAN must be set as DHCP Static 6rd Set 6rd options manually ...

Page 102: ...tion Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Always On means no detection will be executed The network connection will be on always Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL ...

Page 103: ...2 are used by the Internet Access web user interface and can not be configured here Channels 5 10 are configurable Enable Display whether the settings in this channel are enabled Yes or not No WAN Type Displays the physical medium that the channel will use VLAN Tag Displays the VLAN tag value that will be used for the packets traveling on this channel Port based Bridge The network traffic flowing ...

Page 104: ...able to select the physical WAN interface the channel shall use here General Settings VLAN Tag Type the value as the VLAN ID number Valid settings are in the range from 1 to 4095 The network traffic flowing on each channel will be identified by the system via their VLAN Tags Channels using the same WAN type may not configure the same VLAN tag value Priority Choose the number to determine the packe...

Page 105: ... your router Available settings are explained as follows Item Description Multi VLAN Channel 5 6 7 Enable Click it to enable the configuration of this channel Disable Click it to disable the configuration of this channel WAN Type The connections and interfaces created in every channel may select a specific WAN type to be built upon In the Multi VLAN application only the Ethernet WAN type is availa...

Page 106: ...selected and the WAN The WAN interface of the bridge connection will be built upon the WAN type selected using the VLAN tag configured Physical Members Group the physical ports by checking the corresponding check box es for applying the port based bridge connection Open WAN Interface for this Channel Check the box to enable relating function WAN Application Management can be specified for general ...

Page 107: ...charges for data transmission by the ISP Please note that the Quota Limit and Billing cycle day of month settings will need to be configured correctly first in order for some period calculations to be performed correctly I II I 1 1 4 4 1 1 G Ge en ne er ra al l S Se et tu up p Or Click WAN1 WAN2 WAN3 or LTE WAN4 link to open the following web page Available settings are explained as follows ...

Page 108: ...mitation based on the traffic limit per month This setting is to offer a mechanism of resetting the traffic record every month Data quota resets on day You can determine the starting day in one month Custom This setting allows the user to define the billing cycle according to his request The WAN budget will be reset with an interval of billing cycle Custom Monthly is default setting If long period...

Page 109: ...usage If the WAN budget is exhausted a lock will be displayed on the page if Shutdown WAN interface is selected Which means no data transmission will be carried out Moreover the system will send out a warning message to the administrator if Mail Alert is selected Or the system will send out SMS message to the administrator if SMS message is selected ...

Page 110: ...sulated with the header of IPv4 first Later the packets will be transformed and judged by IPv4 router Once the packets arrive the border between IPv4 and IPv6 the header of IPv4 on the packets will be removed Then the packets with IPv6 address will be forwarded to the destination of IPv6 network Translation Such feature is active only for the user who uses IPv4 to communicate with other user using...

Page 111: ...age Refer to the following PPP Dual Stack application IPv4 and IPv6 services can be utilized at the same time Choose PPP and type the information for PPPoE of IPv4 Access into the setting page for IPv6 service it is not necessary for you to configure anything Click OK and open Online Status If the connection is successful you will get the IP address for IPv4 and IPv6 at the same time ...

Page 112: ...Vigor2926 Series User s Guide 96 ...

Page 113: ...nformation for TSPC service Info While using such mode you have to make sure the IPv4 network connection is normal In the following figure the TSPC information is obtained from http gogo6 com after applied for the service Click OK and open Online Status If the connection is successful the physical connection will be shown as follows ...

Page 114: ...nfo While using such mode you have to make sure the IPv4 network connection is normal In the following figure the AICCU information is obtained from https www sixxs net main after applied for the service Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 115: ... s Guide 99 DHCPv6 Client Choose DHCPv6 Client Click one of the identity associations and type the IAID number Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 116: ...es User s Guide 100 Static IPv6 Choose Static IPv6 Type IPv6 address Prefix Length and Gateway Address Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 117: ...4 Static Tunnel Choose 6in4 Static Tunnel Type remote endpoint IPv4 address 6in4 IPv6 Address LAN Routed Prefix and Tunnel TTL Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 118: ... User s Guide 102 6rd Choose 6rd Type IPv4 Border Relay IPv4 Mask Length 6rd Prefix and 6rd Prefix Length Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 119: ...the subnet of LAN1 supports IPv6 feature 2 In the field of RADVD Configuration the default setting is Enable The client s PC will ask RADVD service for the Prefix of IPv6 address automatically and generate an Interface ID by itself to compose a full and unique IPv6 address 3 In the field of DHCPv6 Server Configuration when DHCPv6 service is enabled you can assign available IPv6 address for the cli...

Page 120: ...e command of ipconfig Refer to the following figure From the above figure we can see IPv6 IP address has been captured by the system 2 Use the Ping command to ping any IPv6 address indicating an IPv6 website For example www kame net is a website supporting IPv4 IP and IPv6 IP services Its IPv6 address is seen with a format of 2001 200 dff fff1 216 3eff feb1 44d7 After getting the above message it ...

Page 121: ...ype an URL of IPv6 e g www kame net If your computer accesses into the website by using IPv6 address you may see a turtle dancing on the screen If not only a steady turtle will be seen If you can see a turtle dancing on the screen that means IPv6 service is ready for you to access and utilize ...

Page 122: ... the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address to each local host See the following diagram for a briefly understanding In some special case you may have a public IP subnet from your ISP such as 220 135 240 0 24 This means that you can set up a pu...

Page 123: ... St ta at ti ic c R Ro ou ut te e When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other method You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP W Wh ha at t a ar re e V Vi ir rt tu ua al l L LA AN Ns s a an nd d R Ra at te e C Co on...

Page 124: ... users to divide groups into different subnets LAN1 LAN5 In addition different subnets can link for each other by configuring Inter LAN Routing At present LAN1 setting is fixed with NAT mode only LAN2 LAN5 can be operated under NAT or Route mode IP Routed Subnet can be operated under Route mode Available settings are explained as follows Item Description General Setup Allow to configure settings f...

Page 125: ...ption number with data For example Option number 100 Data abcd When such function is enabled the specified values for DHCP option will be seen in DHCP reply packets Interface Specify the WAN LAN interface s that will be overwritten by such function Next Server IP Address SIAddr Type the IP address of PXE server which is helpful for downloading boot loader via network Option Number Type a number fo...

Page 126: ... stoppage of the exchange of routing information between routers Default Enable activate the RIP protocol DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatches related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router en...

Page 127: ...he IPs will be used out and then no one will be able to get any IPs from this server anymore Therefore this feature is used to get the IP back from inactive clients i e doesn t use the IP but the server still reserves the IP for him DNS Server IP Address DNS stands for Domain Name System Every Internet host must have a unique IP address also they may have a human friendly easy to remember name suc...

Page 128: ... network Default 255 255 255 0 24 DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network E...

Page 129: ...from this server anymore Therefore this feature is used to get the IP back from inactive clients i e doesn t use the IP but the server still reserves the IP for him DNS Server IP Address DNS stands for Domain Name System Every Internet host must have a unique IP address also they may have a human friendly easy to remember name such as www yahoo com The DNS server converts the user friendly name in...

Page 130: ... a stoppage of the exchange of routing information between routers Default Enable activate the RIP protocol DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router en...

Page 131: ... of MAC Address for 2nd DHCP server will help router to assign the correct IP address of the correct subnet to the correct host So those hosts in 2nd subnet won t get an IP address belonging to 1st subnet Add Type the MAC address in the boxes and click this button to add Delete Click it to delete the selected MAC address Edit Click it to edit the selected MAC address Cancel Click it to cancel the ...

Page 132: ...e drop down list to specify a WAN interface for IPv6 Static IPv6 Address configuration IPv6 Address Type static IPv6 address for LAN Prefix Length Type the fixed value for prefix length Add Click it to add a new entry Delete Click it to remove an existed entry Unique Local Address ULA configuration Such feature is used for the host without assigned IPv6 address to obtain IPv6 address automatically...

Page 133: ...thod SLAAC stateless The IP address with Prefix of the host shall be formed according to RA transmitted by Vigor router DHCPv6 stateful The IP address of the host shall be assigned after communicating with DHCPv6 server for answering the request of client Off No IP address is assigned Other Option O bit Check this box to enable the O bit for obtaining additional information e g DNS from DHCPv6 DHC...

Page 134: ...advertisement server Hop Limt The value is required for the device behind the router when IPv6 is in use Min Max Interval Time sec It defines the interval between minimum time and maximum time for sending RA Router Advertisement packets Default Lifetime sec Within such period of time Vigor2926 can be treated as the default gateway Default Preference It determines the priority of the host behind th...

Page 135: ...eries User s Guide 119 from the primary WAN but also the prefix for IPv6 LAN IP address can be assigned by extension WAN specified here When you finish the configuration please click OK to save and exit this page ...

Page 136: ... A Ap pp pl li ic ca at ti io on n H Ho ow w t to o u ut ti il li iz ze e V Vi ig go or r r ro ou ut te er r w wi it th h n no on n N NA AT T 1 Open LAN General Setup Click the Details Page button of LAN1 2 In the setting page type the settings as follows and click OK to save the settings Note that LAN1 is always for NAT usage ...

Page 137: ...LAN General Setup Now LAN2 is available for configuration Click the Details Page button of LAN2 Choose For Routing Usage Type the settings as follows and click OK to save the settings 5 Open WAN Internet Access Choose Static or Dynamic IP as Access Mode Then click Details Page 6 In the configuration web page type the settings as follows and click OK to save the settings ...

Page 138: ...Vigor2926 Series User s Guide 122 7 Now a network connection via MPLS Multiprotocol Label Switching between LAN2 user and the Branch user is established successfully Internet is not required for them ...

Page 139: ...fier as it is just passed to the LAN You can set the priorities for LAN side QoS You can assign each of VLANs to each of the different IP subnets that the router may also be operating to provide even more isolation The said functionality is tag based multi subnet P Po or rt t B Ba as se ed d V VL LA AN N Relative to tag based VLAN which groups clients with an identifier port based VLAN uses physic...

Page 140: ...der the selected VLAN Note P5 is supported only for Non Fiber series Wireless LAN 2 4GHz SSID1 SSID4 Check the SSID boxes to group them under the selected VLAN Wireless LAN 5GHz SSID1 SSID4 Check the SSID boxes to group them under the selected VLAN This option is only available for Vigor2926ac Vigor2926Vac Vigor2926Lac Subnet Choose one of them to make the selected VLAN mapping to the specified su...

Page 141: ...ting to Vigor router due to unexpected error Vigor2926 series features a hugely flexible VLAN system In its simplest form each of the Gigabit LAN ports can be isolated from each other for example to feed different companies or departments but keeping their local traffic completely separated C Co on nf fi ig gu ur ri in ng g p po or rt t b ba as se ed d V VL LA AN N f fo or r w wi ir re el le es ss...

Page 142: ...IP subnets on LAN Each can be independent isolated or common able to communicate with each other This is ideal for departmental or multi occupancy applications Info As for the VLAN applications refer to Appendix I VLAN Application on Vigor Router for more detailed information ...

Page 143: ...er cannot be changed If you modified the binding IP or MAC address it might cause you not access into the Internet Click LAN and click Bind IP to MAC to open the setup page Available settings are explained as follows Item Description Enable Click this radio button to invoke this function However IP MAC which is not listed in IP Bind List also can connect to Internet Disable Click this radio button...

Page 144: ...with the assigned IP address Comment Type a brief description for the entry Show Comment Check this box to display the comment on IP Bind List box IP Bind List It displays a list for the IP bind to MAC information Add It allows you to add the one you choose from the ARP table or the IP MAC address typed in Add and Edit to the table of IP Bind List Update It allows you to edit and modify the select...

Page 145: ...ting equipments to be set up Second it may be able to view traffic on one or more ports within a VLAN at the same time Third it can transfer all data traffics to be mirrored to one analyzer connecting to the mirroring port Last it is more convenient and easy to configure in user s interface Available settings are explained as follows Item Description Port Mirror Check Enable to activate this funct...

Page 146: ...e Authentication Protocol Authenticator relies on the RADIUS Server in its authentication process Each LAN port with Wired 802 1x configured will only forward 802 1x packets and block all other packets until the authentication has successfully completed Available settings are explained as follows Item Description Enable Check the box to enable LAN 802 1x function Authentication Type Use the drop d...

Page 147: ...can configure this page to accelerate the data streaming by hardware itself Open Hardware Acceleration to access into the following page Available settings are explained as follows Item Description Mode Disable The default setting Auto When the hardware acceleration is configured with the Auto mode the sessions with the heaviest loading and the lower latency traffic will be added into PPA However ...

Page 148: ...se hosts will share these sessions Therefore the performance will be lower than only one host Choose this option to specify certain PCs on LAN to apply the hardware acceleration Enable Check the box to make PC s specified in the selected index entry to be applied Dest Port Start Type the starting port for the PC s in LAN Dest Port End Type the ending port for the PC s in LAN Private IP Choose PC T...

Page 149: ...Vigor2926 Series User s Guide 133 ...

Page 150: ...lic IP address and the router will do the inversion based on its table Therefore the internal host can communicate with external host smoothly The benefit of the NAT includes Save cost on applying public IP address and apply efficient usage of IP address NAT allows the internal IP addresses of local hosts to be translated into one public IP address thus you can have only one IP address on behalf o...

Page 151: ...ess domain name are recognized by all users Since the server is actually located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping private IP address port of the server The port redirection can only apply to inco...

Page 152: ...e Protocol Display the transport layer protocol TCP or UDP Public Port Display the port number which will be redirected to the specified Private IP and Port of the internal host Private IP Display the IP address of the internal host providing the service Status Display if the profile is enabled v or not x Press any number under Index to access into next page for configuring port redirection Availa...

Page 153: ...rt Source IP Use the drop down list to specify an IP object Or click IP Object link to create a new one for applying Private IP Specify the private IP address of the internal host providing the service If you choose Range as the port redirection mode you will see two boxes on this field Type a complete IP address in the first box as the starting point The second one will be assigned automatically ...

Page 154: ...Vigor2926 Series User s Guide 138 ...

Page 155: ...ngle host in the LAN Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually helps some special applications such as Netmeeting or Internet Games etc The security properties of NAT are somewhat bypassed if you set up DMZ host We sugg...

Page 156: ...ivate IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the following screen Click OK to save the setting DMZ Host for WAN2 WAN3 LTE or WAN4 is slightly different with WAN1 Active True IP selection is available for WAN1 only See the following figure I...

Page 157: ... Click this button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the screen Click OK to save the setting After finishing all the settings here p...

Page 158: ...ticular entry that you want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network service WAN Interface Display the WAN interface used by such index Aux WAN IP Display the IP alias setting used by such index If no IP alias setting exists such field will not appear Local IP Address Dis...

Page 159: ...t will be used for this entry This setting is available when WAN IP Alias is configured Private IP Enter the private IP address of the local host or click Choose IP to select one Choose IP Click this button and subsequently a window having a list of private IP addresses of local hosts will automatically pop up Select the appropriate IP address of the local host in the list Protocol Specify the tra...

Page 160: ...keeps the ports opened forever Once the OK button is clicked and the configuration has taken effect port triggering will only attempt to open the ports once the triggering conditions are met The duration that these ports are opened depends on the type of protocol used The default durations are shown below and these duration values can be modified via telnet commands TCP 86400 sec UDP 180 sec IGMP ...

Page 161: ... the configuration page Available settings are explained as follows Item Description Enable Check to enable this entry Service Choose the predefined service to apply for such trigger profile Comment Type the text to memorize the application of this rule Source IP Use the drop down list to specify an IP object Or click IP Object link to create a new one for applying Triggering Protocol Select the p...

Page 162: ...cessing the packets of voice and video RTSP ALG makes RTSP message RTCP message and RTP packets of voice and video be transmitted and received correctly via NAT by Vigor router However SIP ALG makes SIP message and RTP packets of voice be transmitted and received correctly via NAT by Vigor router Available settings are explained as follows Item Description Enable ALG Check to enable such function ...

Page 163: ...pecified private IP address S Sc ch he ed du ul le e The Vigor router has a built in clock which can update itself manually or automatically by means of Network Time Protocols NTP As a result you can not only schedule the router to dialup to the Internet at a specified time but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours say bu...

Page 164: ...outer is NAT Traversal This enables applications inside the firewall to automatically open the ports that they need to pass through a router W Wa ak ke e o on n L LA AN N A PC client on LAN can be woken up by the router it connects When a user wants to wake up a specified PC through the router he she must type correct MAC address of the specified PC on this web page of Wake on LAN WOL of this rout...

Page 165: ...mic DNS Setup Available settings are explained as follows Item Description Enable Dynamic DNS Setup Check this box to enable DDNS function Set to Factory Default Clear all profiles and recover to factory settings View Log Display DDNS log status Force Update Force the router updates its information to DDNS server Auto Update interval Set the time for the router to perform auto update for DDNS serv...

Page 166: ...ur account Login Name test and Password test If User Defined is specified as the service provider the web page will be changed slightly as follows Available settings are explained as follows Item Description Enable Dynamic DNS Account Check this box to enable the current account If you did check the box you will see a check mark appeared on the Active column of the previous web page in step 2 WAN ...

Page 167: ...tomized is selected as Service Provider e g dynamic dns update asp u jo p jo hostname j changeip org ip IP cmd update offline 0 Auth Type Two types can be used for authentication Basic Username and password defined later can be shown from the packets captured URL Username and password defined later can be shown in URL e g http ns1 vigorddns com ddns php username xxxx password xxxx domain xxxx vigo...

Page 168: ...and easily to set up Each Vigor Router is available to register one domain name Choose DrayTek Global as the service provider the web page will be displayed as follows Available settings are explained as follows Item Description Enable Dynamic DNS Account Check this box to enable the current account If you did check the box you will see a check mark appeared on the Active column of the previous we...

Page 169: ...count If WAN1 WAN2 WAN3 or LTE WAN4 fails the router will use another WAN interface instead WAN1 WAN2 WAN3 or LTE WAN4 Only While connecting the router will use WAN1 WAN2 WAN3 or LTE WAN4 as the only channel for such account D Di is sa ab bl le e t th he e F Fu un nc ct ti io on n a an nd d C Cl le ea ar r a al ll l D Dy yn na am mi ic c D DN NS S A Ac cc co ou un nt ts s Uncheck Enable Dynamic DN...

Page 170: ...c private IP address es to correspondent servers Thus even the remote PC is adopting public DNS as the DNS server the LAN DNS resolution on Vigor2926 series will respond the specified private IP address Simply click Application LAN DNS to open the following page Each item is explained as follows Item Description Set to Factory Default Clear all profiles and recover to factory settings Enable Check...

Page 171: ...ttings are explained as follows Item Description Enable Check this box to enable such profile Profile Type a name for such profile Note If you type a name here for LAN DNS and click OK to save the configuration the name also will be applied to conditional DNS forwarding automatically Domain Name Type the domain name for such profile IP Address List The IP address listed here will be used for mappi...

Page 172: ...rofile just created Or you can click index 2 to use this profile as conditional DNS forwarding Available settings are explained as follows Item Description Enable Check this box to enable such profile Profile Type a name for such profile Note If you type a name here for conditional DNS forwarding and click OK to save the configuration the name also will be applied to LAN DNS automatically Domain N...

Page 173: ... are explained as follows Item Description Enable Check the box to enable the DNS security management Interface There are four WAN interfaces allowed to be set with DNS security enabled Primary DNS Display the IP address of primary DNS obtained from DHCP server or specified by Static WAN Secondary DNS Display the IP address of secondary DNS obtained from DHCP server or specified by Static WAN Bogu...

Page 174: ...ings are explained as follows Item Description Domain Type the domain name or IP address IPv4 IPv6 that you want to query Interface Specify the interface required for executing diagnose DNS Server Type the IP address of the DNS Server which will diagnose the domain specified above Diagnose Click it to perform the diagnosis for the domain Result The diagnosed information will be displayed on such f...

Page 175: ...e In System Maintenance Time and Date menu press Inquire Time button to set the Vigor router s clock to current time of your PC The clock will reset once if you power down or reset the router There is another way to set up time You can inquiry an NTP server a time server on the Internet to synchronize the router s clock This method can only be applied when the WAN connection has been built up Avai...

Page 176: ...our Internet Access or VPN and Remote Access LAN to LAN settings To add a schedule 1 Click any index say Index No 1 2 The detailed settings of the schedule with index 1 will be shown below Available settings are explained as follows Item Description Enable Schedule Setup Check to enable the schedule Comment Type a short description for such schedule Start Date yyyy mm dd Specify the starting date ...

Page 177: ... whole week 3 Configure the Force Down from 18 00 to next day 9 00 for whole week 4 Assign these two profiles to the PPPoE Internet access profile Now the PPPoE Internet connection will follow the schedule order to perform Force On or Force Down action according to the time plan that has been pre defined in the schedule profiles I II I 5 5 5 5 R RA AD DI IU US S T TA AC CA AC CS S Remote Authentic...

Page 178: ...n them Both sides must be configured to use the same shared secret The maximum length of the shared secret you can set is 36 characters Confirm Shared Secret Re type the Shared Secret for confirmation After finished the above settings click OK button to save the settings I II I 5 5 5 5 2 2 I In nt te er rn na al l R RA AD DI IU US S Except for being a built in RADIUS client Vigor router also can b...

Page 179: ...r internal RADIUS server RADIUS Client Access List Allow to configure that clients under specified domain IPv4 and IPv6 must be authenticated with the specified shared secret Enable Check to enable RADIUS client feature Shared Secret The RADIUS server and client share a secret that is used to authenticate the messages sent between them Both sides must be configured to use the same shared ...

Page 180: ...rst Select All Click it to select all of the user profiles in Available List Clear All Click to remove all of the user profiles in Available List Available List The user profiles without RADIUS server enabled in User Management User Profile will be listed in this field Authentication List The user profiles with RADIUS server enabled in User Management User Profile will be listed in this field Sync...

Page 181: ...ver Destination Port The UDP port number that the TACACS server is using Shared Secret The TACACS server and client share a secret that is used to authenticate the messages sent between them Both sides must be configured to use the same shared secret Confirm Shared Secret Re type the Shared Secret for confirmation After finished the above settings click OK button to save the settings ...

Page 182: ...tion within the directory and acquire the data in the directory securely therefore users can apply LDAP to search or list the directory object inquire or manage the active directory I II I 5 5 6 6 1 1 G Ge en ne er ra al l S Se et tu up p This page allows you to enable the function and specify general settings for LDAP server Available settings are explained as follows Item Description Enable Chec...

Page 183: ... Regular DN Type this setting if Regular Mode is selected as Bind Type Regular Password Specify a password if Regular Mode is selected as Bind Type After finished the above settings click OK button to save the settings I II I 5 5 6 6 2 2 P Pr ro of fi il le es s You can configure eight AD LDAP profiles These profiles would be used with User Management for different purposes in management Click any...

Page 184: ...r most LDAP server is cn Additional Filter Type the condition for additional filter Base Distinguished Name Group Distinguished Name Type or edit the distinguished name used to look up entries on the LDAP server Sometimes you may forget the Distinguished Name since it s too long Then you may click the button to list all the account information on the AD LDAP Server to assist you finish the setup A...

Page 185: ... Control Service or Connection Status Service Default WAN It is used to specify the WAN interface for applying such function The reminder as regards concern about Firewall and UPnP Can t work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly This is because these applications will block the accessing ability of some network ports Secu...

Page 186: ...sent two versions v2 and v3 are supported by Vigor router Choose the correct version based on the IPTV service you subscribe General Query Interval Vigor router will periodically check which IP obtaining IPTV service by sending query It might cause inconvenience for client Therefore set a suitable time unit second as the query interval to limit the frequency of query sent by Vigor router Add PPP h...

Page 187: ... all the settings here please click OK to save the configuration I II I 5 5 8 8 2 2 W Wo or rk ki in ng g G Gr ro ou up ps s Available settings are explained as follows Item Description Refresh Click this link to renew the working multicast group status Group ID This field displays the ID port for the multicast group The available range for IGMP starts from 224 0 0 0 to 239 255 255 254 P1 to P4 It...

Page 188: ...lable settings are explained as follows Item Description Wake by Two types provide for you to wake up the binded IP If you choose Wake by MAC Address you have to type the correct MAC address of the host in MAC Address boxes If you choose Wake by IP Address you have to choose the correct IP address IP Address The IP addresses that have been configured in Firewall Bind IP to MAC will be shown in thi...

Page 189: ... the content is and when the SMS will be sent Available settings are explained as follows Item Description Index Check the box to enable such profile SMS Provider Use the drop down list to choose SMS service provider You can click SMS Provider link to define the SMS server Recipient Number Type the phone number of the one who will receive the SMS Notify Profile Use the drop down list to choose a m...

Page 190: ...tings SMS Mail Service Object If there is no object listed click Mail Service link to define a new one with specified service provider Mail Address Type the e mail address of the one who will receive the notification message Notify Profile Use the drop down list to choose a message profile The recipient will get the content stated in the message profile You can click the Notify Profile link to def...

Page 191: ...on e g IP setting If the host and user s computer have the plug in bonjour driver install they can utilize the service offered by the router by clicking the router name icon In short what the Clients users need to know is the name of the router only To enable the Bonjour service click Application Bonjour to open the following page Check the box es of the server service s that you want to share to ...

Page 192: ...stem Maintenance Management Type a name as the Router Name and click OK 4 Next open Applications Bonjour Check the service that you want to use via Bonjour 5 Open the DNSSD page again The available items will be changed as the follows It means the Vigor router based on Bonjour protocol is ready to be used as a printer server FTP server SSH Server Telnet Server and HTTP Server ...

Page 193: ...Vigor2926 Series User s Guide 177 6 Now any page or document can be printed out through Vigor router installed with a printer ...

Page 194: ...omponent the primary to the backup component the secondary This process remains system wide resources recovers partial of failed transactions and restores the system to normal within a few seconds To configure High Availability on at least two DrayTek routers Enable High Availability on the Primary and Secondary routers Set a high Priority ID number on the Primary router and lower numbers for the ...

Page 195: ...d is suitable for a user which has one ISP account With such method All WANs of secondary routers will be shut down by HA function WAN settings of primary and secondary routers can be the same Note When Hot Standby is used wireless LAN will be enabled automatically for clients connecting to the primary router however wireless LAN on secondary router will be disabled directlly Thus clients can not ...

Page 196: ... which LAN is determined by management interface Authentication Key Type a string as the authentication key maximum 31 characters allowed It is used for encrypting the DARP to prevent malicious attack Protocol Choose IPv4 or IPv6 Management Interface Such interface is used for DARP DrayTek Address Redundancy Protocol negotiation between routers Only the interface which is enabled in LAN General Se...

Page 197: ...re Exclude the following settings from config sync Settings selected in this field will be excluded when executing configuration synchronization For example under active standby mode WAN settings will not be synchronized When you finish the configuration please click OK to save and exit this page E Ex xa am mp pl le e Take the following picture as an example The upper Vigor2926 is regarded as prim...

Page 198: ...l l S Se et tu up p Such page allows you to configure general settings for Local 802 1X server built in Vigor router Available settings are explained as follows Item Description Enable Click it to enable local 802 1X server At present such feature can be used for wireless and wired 802 1x authentication ...

Page 199: ...e user profiles User Management User Profile For example if Local 802 1x is configured as Enabled checked the Internal RADIUS will be configured as Enabled too If Local 802 1X is configured as Disabled unchecked the Internal RADIUS will be changed as Disabled too even if it is enabled previously OK Click it to save the settings Clear Click it to remove previous setting configuration Cancel Click i...

Page 200: ...er is not on the list Now DrayTek starts to support our own DDNS service DrayDDNS We will provide a domain name for each Vigor Router this single domain name can record IP addresses of all WAN A Ac ct ti iv va at te e D Dr ra ay yD DD DN NS S L Li ic ce en ns se e 1 Go to Wizards Service Activation Wizard wait for the router to connect to MyVigor server then tick DT DDNS and I have read and accept...

Page 201: ...r ro of fi il le e 1 Go to Applications Dynamic DNS Setup a Tick Enable Dynamic DNS Setup b Click an available profile index c Tick Enable Dynamic DNS Account d Select DrayTek Global www drayddns com as Service Provider e Select the WAN you would like to upload the IP to DDNS server f Click Get domain g Click OK on the pop up notification window ...

Page 202: ... om ma ai in n N Na am me e Currently only the domain name is allowed to be modified MyVigor website We will need to register the router to MyVigor server and log in to MyVigor website to modify it 1 Please visit https myvigor draytek com or go to Applications Dynamic DNS Setup DrayDDNS profile and click Edit domain 2 Log in to MyVigor Website choose the profile then click Edit DDNS settings ...

Page 203: ...ame e g XXXX25 and click Update 4 Vigor router will get the modified domain name when the it performs next DDNS updating We can click Sync domain to accelerate this process After few seconds the router will get the new domain name and print it on the profiles list ...

Page 204: ...Vigor2926 Series User s Guide 188 ...

Page 205: ...ters to update your IP to the DDNS server We will take Changeip org and 3322 net as example Before setting please make sure that the WAN connection is up P Pa ar rt t A A C Ch ha an ng ge ei ip p o or rg g Note that Username jo Password jo Host name j changeip org WAN IP address 1 169 185 242 Following is the screenshot of editing the HTML script on the browser to update your IP to the DDNS server...

Page 206: ... Service API as dynamic dns update asp u jo p jo hostname j changeip org ip IP cmd update offline 0 In which IP is a value which will be replaced with the current interface IP address automatically when DDNS service is running In this case the IP will be 1 169 185 242 4 After setting the Customized DDNS service will be up and our IP will be updated to the DDNS server P Pa ar rt t B B 3 33 32 22 2 ...

Page 207: ... can do the same job for us automatically 1 Please go to Applications Dynamic DNS to create a profile for Customized DDNS client 4 Set the Service Provider as Customized 5 Set the Provider Host as member 3322 net 6 Set the Service API as dyndns update hostname yourhost 3322 org myip IP wildcard OFF mx mail exchanger ext backmx NO offline NO 7 Enter your account and password 8 After the setting the...

Page 208: ...Vigor2926 Series User s Guide 192 P Pa ar rt t C C E Ex xt te en nd d N No ot te e The customized Service Provider is also eligible with the ClouDNS net ...

Page 209: ...rface of the Vigor router 2 Open Applications Active Directory LDAP to get the following page for configuring LDAP related settings There are three types of bind type supported Simple Mode Just simply do the bind authentication without any search action Anonymous Perform a search action first with Anonymous account then do the bind authentication Regular Mode Mostly it is the same with anonymous m...

Page 210: ...Vigor2926 Series User s Guide 194 and 4 Click OK to save the settings above 5 Open User Management General Setup Select User Based as the Mode option ...

Page 211: ...n VPN and Remote Access PPP General Setup to check the profile s that will be authenticated with LDAP server After above configurations users belong to either rd1 or shrd group can access Internet after inputting their credentials on LDAP server ...

Page 212: ...interface Specify Interface Through dedicated interface WAN LAN VPN the data can be sent from the source IP to the destination IP Address Mapping Allows you specify the outgoing WAN IP address es for an internal private IP address or a range of internal private IP addresses Priority The router will determine which policy will be adopted for transmitting the packet according to the priority of Stat...

Page 213: ...4 and IPv6 for you to configure the static route Both protocols bring different web pages S St ta at ti ic c R Ro ou ut te e f fo or r I IP Pv v4 4 Available settings are explained as follows Item Description Index The number 1 to 30 under Index allows you to open next page to set up static route Destination Address Displays the destination address of the static route Status Displays the status of...

Page 214: ...ernal Router B 192 168 1 3 have set Main Router 192 168 1 1 as the default gateway for the Router A 192 168 1 2 Before setting Static Route user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router 1 Go to LAN page and click General Setup select 1st Subnet as the RIP Protocol Control Then click the OK button Info There are two reasons that we ...

Page 215: ...t to enable this profile Destination IP Address Type an IP address as the destination of such static route Subnet Mask Type the subnet mask for such static route Network Interface Use the drop down list to specify an interface for such static route 3 Return to Static Route Setup page Click on another Index Number to add another static route as show below which regulates all packets destined to 211...

Page 216: ... the destination address of the static route Status Displays the status of the static route Set to Factory Default Clear all of the settings and return to factory default settings Viewing IPv6 Routing Table Displays the routing table for your reference Click any underline of index number to get the following page Available settings are explained as follows Item Description Enable Click it to enabl...

Page 217: ...Vigor2926 Series User s Guide 201 Network Interface Use the drop down list to specify an interface for this static route When you finish the configuration please click OK to save and exit this page ...

Page 218: ...ofile Src IP Start Display the IP address for the start of the source IP Src IP End Display the IP address for the end of the source IP Dest IP Start Display the IP address for the start of the destination IP Dest IP End Display the IP address for the end of the destination IP Dest Port Start Display the IP address for the start of the destination port Dest Port End Display the IP address for the ...

Page 219: ...d as the destination IP Dest IP Start Type the destination IP start for the specified WAN interface Dest IP End Type the destination IP end for the specified WAN interface If this field is blank it means that all the destination IPs will be passed through the WAN interface Country Object Specify a country object All the IPs coming from the country countries specified in the object will be passed t...

Page 220: ...ilable settings are explained as follows Item Description Force NAT Force Routing It determines which mechanism that the router will use to forward the packet to WAN 5 After choosing the mechanism click Next to get the summary page for reference 6 If there is no error click Finish to complete wizard setting ...

Page 221: ... box to enable this policy Comment Type a brief explanation for such profile Protocol Use the drop down menu to choose a proper protocol for the WAN interface Source Any Any IP can be treated as the source IP IP Range Define a range of IP address as source IP addresses Start Type an address as the starting IP for such profile End Type an address as the ending IP for such profile IP Subnet Define a...

Page 222: ...reated as the destination IP Destination Port Any Any port number can be treated as the destination port Dest Port Range Start Type the destination port start for the destination IP End Type the destination port end for the destination IP If this field is blank it means that all the destination ports will be passed through the WAN interface Send to if criteria matched Interface Use the drop down l...

Page 223: ...er to option is enabled Administrator could also enable Failback to clear the existing session on Failover interface and return to the original interface immediately once the original interface resume its service When Failback is not enabled the router will only stop sending packets via the Failover interface when the existing sessions are cleared and this might take a long time because some appli...

Page 224: ... Specify a protocol for diagnosis Src IP Type an IP address as the source IP Dst IP Type an IP address as the destination IP Dst Port Use the drop down list to specify the destination port Analyze Click it to perform the job of analyzing The analyzed result will be shown on the page If required click export analysis to export the result as a file Input File Select Click the download link to get a ...

Page 225: ...Vigor2926 Series User s Guide 209 Note that the analysis was based on the current load balance route policy settings we do not guarantee it will be 100 the same as the real case ...

Page 226: ...able BGP Check the box to enable basic BGP function for local router Local AS Number Set the AS number for local router Hold Time Set the time interval in seconds to determine the peer is dead when the router is unable to receive any keepalive message from the peer within the time Connect Retry Time If the router fails to connect to neighboring router it requires a period of time to reconnect Set ...

Page 227: ...r local router and neighboring router I II I 6 6 3 3 1 1 S St ta at ti ic c N Ne et tw wo or rk k This page allows you to configure up to eight neighboring routers for exchanging the routing information with the local router Available settings are explained as follows Item Description Select Check the box to enable the configuration for the selected index entry IP Address Type the IP address for a...

Page 228: ...later Example 1 In the following figure a LAN to LAN VPN tunnel is built between DrayTek VPN router e g Vigor2926 series and the remote router Firewall Router can receive all of the traffic coming from remote PC which wants to access into Internet and send back the packets to Remote Router through VPN Router 1 Establish a VPN tunnel between VPN Router and the Remote Router 2 Change to default rout...

Page 229: ...e adjust the value of Priority for such route policy In general default route is specified with the lowest priority for it value is fixed as 250 And Routes in Routing Table are fixed as 150 You can adjust the value for such route policy with lower value e g 100 to ensure it will be applied to packets transmission with the highest priority 5 After finished the above settings click OK to save the co...

Page 230: ...To route the packets coming from the Firewall Router back to the remote router access into the web user interface of the Firewall Router Then set 192 168 1 1 24 as the gateway IP address and set 172 16 3 0 24 as the destination IP address ...

Page 231: ...f Router A to break through the Internet censorship circumvention A VPN tunnel has been established between Router A and router B 1 Access into the web user interface of Router A 2 Open Load Balance Route Policy General Setup 3 Click any index number e g 1 in this case 4 In the following web page check Enable type 192 168 1 10 as Src IP Range type 213 57 89 100 as the Destination IP for the remote...

Page 232: ...202 211 100 10 or 203 98 200 10 which IP or mapping is decided by the internal load balancing algorithm With address mapping feature you can manually configure any host mapping to any WAN interface to fit the request In the above example you can configure NAT Host 1 to always map to 202 211 100 10 WAN1 Host 2 to always map to 202 211 100 11 WAN1 alias Hostd 3 always map to 203 98 200 10 WAN2 and G...

Page 233: ... of WAN 1 to open the following page From the above figure set main WAN IP address as 202 211 100 10 Click the WAN IP Alias button to configure the other IP address which is 202 211 100 11 Make sure Join IP NAT Pool is not checked Click OK to save the settings ...

Page 234: ...18 4 After finished configuration for WAN1 open Load Balance Route Policy General Setup Choose Advance Mode 5 Click Index number 1 and 2 to configure the details After finished the settings click OK to save the settings respectively ...

Page 235: ... User s Guide 219 And 6 Upon completing the above configuration you have specified the outgoing IP address es for some specific computers 7 Now you bind some specific computers to some WAN IP alias for outgoing traffic ...

Page 236: ...he following figure shows a simple application of load balance WAN1 and WAN2 can be used to access into Internet The PC in LAN1 can send the data to the remote PC through the specified WAN1 1 Access into web user interface of Vigor2926 series Open Load Balance Route Policy General Setup 2 From the following web page simply click index number 1 ...

Page 237: ...nd Dest IP End with 203 65 1 35 and 203 65 1 35 choose WAN1 as the Interface click default gateway do not check Failover to 4 After finished the above settings click OK to save the configuration Now the packets sent to the remote PC IP address 203 65 1 35 will be forced to pass through WAN1 ...

Page 238: ...tilize this SIM card to provide more useful functions for user Now we have developed some useful functions for user such as sending SMS from a router to report router status rebooting router remotely via SMS with taking security into consideration and so on This section can guide you to use the SIM card in LTE WAN to perform SMS related operations Info This function is used for L models only ...

Page 239: ...If it is checked no SMS for LTE will be sent after the quota limit is expired Send Mail Alert to Administrator If it is checkd a mail alert will be sent to the administrator when the quota limit is expired Monthly This setting is to offer a mechanism of resetting the number of SMS sent record every month SMS quota resets on day XX at XX You can determine the starting day in one month The number of...

Page 240: ...e whole cycle is 20 days When the time is up the router will reset the number of SMS sent automatically Today is day XX in the cycle Specify the day in the cycle duration as the starting point which Vigor router will reset the number of SMS sent For example 3 means the third day of the duration cycle ...

Page 241: ...ease note that the SIM card can not receive new SMS when all SMS indexes are occupied Click the Simple Mode link or the Advanced Mode link below to switch between these two modes I II I 7 7 2 2 1 1 S Si im mp pl le e M Mo od de e Available settings are explained as follows Item Description Mark as Read Those messages in unread state are showed in bold text If you want to change messages into read ...

Page 242: ... Description Mark as Read Those SMS in unread state are shown in bold text If you want to change SMS into read state select them and click the OK button Checking the checkbox in title will select all unread SMS in this page Delete If you want to delete SMS select them and click the OK button Checking the checkbox in title will select all SMS in this page Index If you want to read the full content ...

Page 243: ...s Guide 227 Message Content Display the full content of the message OK Return to previous page Delete Click it to delete all SMS of this message and return to previous page Next Click it to see the content of next SMS index ...

Page 244: ...t can be an international phone number 8869123455678 or a general phone number 0912345678 Data Coding Scheme The router will automatically select a suitable Data Coding Scheme according to the current content in Message GSM 7 bit and UCS 2 are supported Message Type in the message content to send The total number of characters that you can type in this field is 1024 Send Message Click it to send t...

Page 245: ...on to reboot Vigor router remotely and get the router status via SMS Go to LTE Router Commands to get the following page Available settings are explained as follows Item Description Reboot on SMS Message Enable with Password PIN To reboot Vigor router remotely via SMS please check such box and type the password PIN number treated as ...

Page 246: ...ntering the password PIN specified in this field The password shall be composed by letters numbers and baseline Access Control List Check the box to type or modify up to 3 phone numbers The phone number specified here is capable of getting related information about Vigor router remotely Note If such option is enabled only mobile phones specified here are allowed to obtaine related information abou...

Page 247: ...tional Mobile Equipment Identity of the embedded LTE module IMSI International Mobile Subscripber Identity of the LTE SIM card Access Tech Type of LTE connection CDMA GSM WCDMA LTE TD SCDMA Band Band of LTE connection Operator ISP name of LTE connection Mobile Country Code Mobile Network Code Location Area Code Cell ID Base station information Signal Signal strength of LTE connection Active Channe...

Page 248: ...link rate of LTE connection SMS Centre Number The phone number for SMS service of the LTE SIM card SMS Service status Whether the SMS service of the LTE SIM card is ready SMS Loading Whether the received SMS messages in the LTE SIM card have been loaded to the Router New SMS The number of unread SMS in SMS Inbox ...

Page 249: ...ser s Guide 233 P Pa ar rt t I II II I W Wi ir re el le es ss s L LA AN N Wireless LAN enables high mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well as Internet access ...

Page 250: ...IEEE 802 11n draft 2 protocol To boost its performance further the Vigor Router is also loaded with advanced wireless technology to lift up data rate up to 300 Mbps Hence you can finally smoothly enjoy stream music and video Vigor2926 wireless router is a highly integrated wireless local area network WLAN for 5 GHz 802 11ac or 2 4 5 GHz 802 11n WLAN applications It supports channel operations of 2...

Page 251: ...cryption while WPA2 applies AES The WPA Enterprise combines not only encryption but also authentication Since WEP has been proved vulnerable you may consider using WPA for the most secure connection You should select the appropriate security mechanism according to your needs No matter which security suite you select they all will enhance the over the air data protection and or privacy on your wire...

Page 252: ...e in Europe we will open channels 52 56 60 64 100 104 108 112 116 120 124 128 132 and 136 At present we will not open DFS channels in the USA because we do not have plan for DFS certification in the USA Channels 52 56 60 64 100 104 108 112 116 120 124 128 132 and 136 will be restricted in the USA In some countries there are restrictions on DFS channels as well We will implement country code to res...

Page 253: ...sted below 1 Open Wizards Wireless Wizard 2 The screen of wireless wizard will be shown as follows This page will be used for internal users in a company or your home Besides the settings will change based on different model of Vigor2926 series In this case Vigor2926ac is used as an example Available settings are explained as follows Item Description Wireless 2 4GHz Settings Name Type the SSID nam...

Page 254: ...same settings configured above Name Type the SSID name of this router for wireless 5GHz Mode At present the router can connect to 11a Only 11n Only 5GHz Mixed 11a 11n and Mixed 11a 11n 11ac stations simultaneously Channel Means the channel of frequency of the wireless LAN The default channel is 36 You may switch channel if the selected channel is under serious interference If you have no idea of c...

Page 255: ...ble Check the box to set the bandwidth limit for data transmission in upload and download It controls the data transmission rate through wireless connection Total Upload Check Enable and type the transmitting rate for data upload Default value is 30 000 kbps Total Download Type the transmitting rate for data download Default value is 30 000 kbps Wireless 5GHz Settings Enable Disable Click it to en...

Page 256: ...ing by 0x such as 0x321253abcde Next Click it to get into the next setting page Cancel Exit the wireless wizard without saving any changes 4 After typing the required information click Next 5 The following page will display the configuration summary for wireless setting 6 Click Finish to complete the wireless settings configuration ...

Page 257: ...he wireless channel Please refer to the following figure for more information Available settings are explained as follows Item Description Enable Wireless LAN Check the box to enable wireless function Mode 2 4GHz in n and ac model At present the router can connect to 11g Only 11n Only 2 4 GHz Mixed 11b 11g Mixed 11g 11n and Mixed 11b 11g 11n stations simultaneously Simply choose Mixed 11b 11g 11n ...

Page 258: ...ons simultaneously Simply choose Mixed 11a 11n 11ac mode Note 802 11b g operates on 2 4G band 802 11a operates on 5G band 802 11n operates on either 2 4G or 5G band and 802 11ac operates on 5G band only Channel Means the channel of frequency of the wireless LAN The default channel is 6 You may switch channel if the selected channel is under serious interference If you have no idea of choosing the ...

Page 259: ...or your necessity SSID Means the identification of the wireless LAN SSID can be any text numbers or various special characters Isolate Member Check this box to make the wireless clients stations with the same SSID not accessing for each other VPN Check this box to make the wireless clients stations with different VPN not accessing for each other Schedule Set the wireless LAN to work at certain tim...

Page 260: ...default security mode is provided and stated on the label pasted on the bottom of the router For the wireless client who wants to access into Internet through such router please input the default PSK value for connection By clicking the Wireless LAN Security Settings a new web page will appear so that you could configure the settings of WPA and WEP Available settings are explained as follows Item ...

Page 261: ...lients and the encryption key should be entered in PSK WPA2 PSK Accepts only WPA2 clients and the encryption key should be entered in PSK Mixed WPA WPA2 PSK Accepts WPA and WPA2 clients simultaneously and the encryption key should be entered in PSK WPA The WPA encrypts each frame transmitted from the radio using the key which either PSK Pre Shared Key entered manually in this field below or automa...

Page 262: ...wireless clients only by locking their MAC address into a black or white list The user may block wireless clients by inserting their MAC addresses into a black list or only let them be able to connect by inserting their MAC addresses into a white list In the Access Control web page users may configure the white black list modes used by each SSID and the MAC addresses applied to their lists Availab...

Page 263: ... list Clear All Clean all entries in the MAC address list After finishing all the settings here please click OK to save the configuration I II II I 1 1 5 5 W WP PS S WPS Wi Fi Protected Setup provides easy procedure to make network connection between wireless station and wireless access point vigor router with the encryption of WPA and WPA2 Info WPS is available for the wireless station with WPS s...

Page 264: ...art PBC button of network card If you want to use PIN code you have to know the PIN code specified in wireless client Then provide the PIN code of the wireless client you wish to connect to the vigor router For WPS is supported in WPA PSK or WPA2 PSK mode if you do not choose such mode in Wireless LAN Security you will see the following message box Please click OK and go back Wireless LAN Security...

Page 265: ...ode of the router Only WPA2 PSK and WPA PSK support WPS Configure via Push Button Click Start PBC to invoke Push Button style WPS setup procedure The router will wait for WPS requests from wireless clients about two minutes The WPS LED on the router will blink fast when WPS is in progress It will return to normal condition after two minutes You need to setup WPS within two minutes Configure via Cl...

Page 266: ...t through the router AP with Bridge mode configured The packets received from a WDS link will only be forwarded to local wired or wireless hosts Repeater Extended Wireless stations clients within the effective range of wireless signal can access into Internet through the router AP Wireless stations clients out of the effective range of wireless signal can access into Internet through the router AP...

Page 267: ...from a WDS link will only be forwarded to local wired or wireless hosts In other words only Repeater mode can do WDS to WDS packet forwarding In the following examples hosts connected to Bridge 1 or 3 can communicate with hosts connected to Bridge 2 through WDS links However hosts connected to Bridge 1 CANNOT communicate with hosts connected to Bridge 3 through Bridge 2 Click WDS from Wireless LAN...

Page 268: ...s for the second one Security There are three types for security Disable WEP and Pre shared key The setting you choose here will make the following WEP or Pre shared key field valid or not Choose one of the types for the router WEP When WEP is selected as Security above Vigor router will use the same WEP key set in Wireless LAN Security Settings page All you have to do is to make sure WEP mode and...

Page 269: ... peer MAC addresses are allowed to be entered in this page at one time Yet please disable the unused link to get better performance If you want to invoke the peer MAC address remember to check Enable box in the front of the MAC address after typing Repeater If you choose Repeater as the connecting mode please type in the peer MAC address of VigorAP Vigor router required to make connection with suc...

Page 270: ...ghboring devices of 802 11a b g Channel Bandwidth 20 the router will use 20Mhz for data transmission and receiving between the AP and the stations 40 the router will use 40Mhz for data transmission and receiving between the AP and the stations 20 40 Vigor Router will scan for nearby wireless AP and then use 20MHz if the number of AP is more than 10 or use 40MHz if it s not Guard Interval It is to ...

Page 271: ...r save delivery is an enhancement over the power save mechanisms supported by Wi Fi networks It allows devices to take more time in sleeping state and consume less power to improve the performance by minimizing transmission latency The default setting is Disable Fragment Length 256 2346 Set the Fragment threshold Do not modify default value if you don t know what it is default value is 2346 RTS Th...

Page 272: ...wireless station will use it to connect with Vigor router Enable Check the box to enable the station control function Connection Time Reconnection Time Use the drop down list to choose the duration for the wireless client connecting reconnecting to Vigor router Or type the duration manually when you choose User defined Display All Station Control List All the wireless stations connecting to Vigor ...

Page 273: ...to define the maximum data traffic uploading for all of the wireless clients connecting to Vigor2862 Total Download Limit It is available when Auto Adjustment is selected Type a value to define the maximum data clientstations connecting to Vigor2862 Upload Limit It is available when Per Station Limit is selected Type a value to define the maximum data traffic uploading for each wireless client con...

Page 274: ...nce of the APs on the wireless LAN Yet only the AP which is in the same channel of this router can be found Please click Scan to discover all the connected APs Available settings are explained as follows Item Description Scan It is used to discover all the connected AP The results will be shown on the box above this button Statistics It displays the statistics for the channels used by APs Add to I...

Page 275: ...e IEEE802 11 channel access mechanisms is that each station has equal probability to access the channel When wireless stations have similar data rate this principle leads to a fair result In this case stations get similar channel access time which is called airtime However when stations have various data rate e g 11g 11n the result is not fair The slow stations 11g work in their slow data rate and...

Page 276: ...ons 2 All stations mainly use download traffic 3 The performance bottleneck is wireless connection Available settings are explained as follows Item Description Enable Airtime Fairness Try to assign similar airtime to each wireless station by controlling TX traffic Airtime Fairness Click the link to display the following screen of airtime fairness note Triggering Client Number Airtime Fairness func...

Page 277: ...that frequency It helps to leave 2 4GHz band available for legacy clients and improves users experience by reducing channel utilization If dual band is detected the AP will let the wireless client connect to less congested wireless LAN such as 5GHz to prevent from network congestion Info To make Band Steering work successfully SSID and security on 2 4GHz also MUST be broadcasted on 5GHz ...

Page 278: ...ient is capable of dual band or not within the time limit Check Time If the wireless station does not have the capability of 5GHz network connection the system shall wait and check for several seconds 15 seconds in default to make the 2 4GHz network connection Specify the time limit for Vigor router to detect the wireless client After finishing this web page configuration please click OK to save t...

Page 279: ...he box of Enable Band Steering and use the default value 15 for check time setting 3 Click OK to save the settings 4 Open Wireless LAN 2 4GHz General Setup and Wireless LAN 5GHz General Setup Configure SSID as DrayTek2925_BandSteering for both pages Click OK to save the settings Same value for 2 4GHz and 5GHz ...

Page 280: ...nd Wireless LAN 5GHz Security Configure Security as 12345678 for both pages Click OK to save the settings 6 Now Vigor router will let the wireless clients connect to less congested wireless LAN such as 5GHz to prevent from network congestion Same value for 2 4GHz and 5GHz ...

Page 281: ...I requirement and cut off the network connection for that wireless station to assist it to connect another Wireless AP to get better signal This option is to disable the roaming mechanism Strictly Minimum RSSI Vigor router uses RSSI received signal strength indicator to decide to terminate the network connection of wireless station When the signal strength is below the value dBm set here Vigor rou...

Page 282: ...g with its status code There is a code summary below for explanation For convenient Access Control you can select a WLAN station and click Add to Access Control below Available settings are explained as follows Item Description Refresh Click this button to refresh the status of station list Add Click this button to add current typed MAC address into Access Control ...

Page 283: ...Vigor2926 Series User s Guide 267 P Pa ar rt t I IV V V Vo oI IP P Voice over IP network VoIP enables you to use your broadband Internet connection to make toll quality voice calls over the Internet ...

Page 284: ...d the password field and the sign following them This is very similar to a URL so some may call it SIP URL SIP supports peer to peer direct calling and also calling via a SIP proxy server a role similar to the gatekeeper in H 323 networks while the MGCP protocol uses client server architecture the calling scenario being very similar to the current PSTN network After a call is setup the voice strea...

Page 285: ... models also equip with automatic QoS assurance QoS Assurance assists to assign high priority to voice traffic via Internet You will always have the required inbound and outbound bandwidth that is prioritized exclusively for Voice traffic over Internet but you just get your data a little slower and it is tolerable for data traffic Our Vigor V models firstly apply efficient codecs designed to make ...

Page 286: ...only 1 Open Wizards VoIP Wizard 2 The screen of VoIP Wizard will be shown as follows Available settings are explained as follows Item Description Set VoIP service provider domain VoIP service provider Use the drop down list to choose the ISP which offers the VoIP service for your router SIP Port Use the default setting 5060 Set Account quickly Account Number Name Type the account number name regis...

Page 287: ...to configure Phone 2 settings simply check this box Next Click it to get into the next setting page Cancel Click it to give up the VoIP wizard 3 After finished the settings above click Next for viewing summary of such connection 4 Click Finish A page of VoIP Wizard Setup OK will appear ...

Page 288: ...box and click OK the following page appears for you to configure secure phone IP call and set NAT Traversal Setting RTP for the VoIP function Available settings are explained as follows Item Description Secure Phone Enable Secure Phone It allows users to have encrypted RTP stream with the peer side using the same protocol ZRTP SRTP Check this box to have secure call Enable SAS Voice Prompt If it i...

Page 289: ...them IP Call Enable IP Call It allows that a user could dial outgoing IP Calls and Vigor router could receive the incoming IP Calls A Ap pp pl li ic ca at ti io on n f fo or r S Se ec cu ur re e P Ph ho on ne e Enable SAS Voice Prompt for ex if vigor router A calls vigor router B with checking Enable Secure Phone and Enable SAS Voice Prompt then 1 After the connection established vigor router A wi...

Page 290: ...l secured until the call ends Info If the incoming or outgoing calls do not match any entry on the phonebook the router will try to make the call being protected But if the call ends up unprotected e g peer side does not support ZRTP SRTP the router will not play out a warning message ...

Page 291: ... destination using AccountName Domain Realm as identity Info Selection items for Ring Port will differ according to the router you have Available settings are explained as follows Item Description Index Click this link to access into next page for setting SIP account Profile Display the profile name of the account Domain Realm Display the domain name or IP address of the SIP registrar server Proxy...

Page 292: ...You can type similar name with the domain For example if the domain name is draytel org then you might set draytel 1 in this field Register via If you want to make VoIP call without register personal information please choose None and check the box to achieve the goal Some SIP server allows user to use VoIP function without registering For such server please check the box of Call without Registrat...

Page 293: ...entication ID Check the box to invoke this function and enter the name or number used for SIP Authorization with SIP Registrar If this setting value is the same as Account Name it is not necessary for you to check the box and set any value in this field Password The password provided to you when you registered with a SIP service Expiry Time The time duration that your SIP Registrar server keeps yo...

Page 294: ...setting is 30 sec Ring Port Set Phone 1 and or Phone 2 as the default ring port s for this SIP account Ring Pattern Choose a ring tone type for the VoIP phone call Prefer Codec Select one of five codecs as the default for your VoIP calls The codec used for each call will be negotiated with the peer party before each session and so may not be your default choice The default codec is G 729A B it occ...

Page 295: ...an detect if the voice on both sides is active or not If not the router will do something to save the bandwidth for other using Click On to invoke this function click off to close the function After finishing all the settings here please click OK to save the configuration ...

Page 296: ... 1 4 4 1 1 P Ph ho on ne e B Bo oo ok k In this section you can set your VoIP contacts in the phonebook It can help you to make calls quickly and easily by using speed dial Phone Number There are total 60 index entries in the phonebook for you to store all your friends and family members SIP addresses Loop through and Backup Phone Number will be displayed if you are using Vigor2926 series for sett...

Page 297: ...ion Backup Phone Number When the VoIP phone obstructs or the Internet breaks down for some reasons the backup phone will be dialed out to replace the VoIP phone number At this time the phone call will be changed from VoIP phone into PSTN call according to the loop through direction chosen Note that during the phone switch the blare of phone will appear for a short time And when the VoIP phone is s...

Page 298: ...one No action Add When you choose this mode the OP number will be added before the match prefix number for calling out through the specific route Strip When you choose this mode the partial or whole match prefix number will be deleted according to the OP number Take the above picture Prefix Table Setup web page as an example the OP number of 886 will be deleted completely for the match prefix numb...

Page 299: ... number is between 7 and 9 that number can apply the prefix number settings here Max Len Set the maximum length of the dial number for applying the prefix number settings Route Choose the one that you want to enable the prefix number settings from the saved SIP accounts Please set up one SIP account first to make this interface available This item will be changed according to the port settings con...

Page 300: ...ck the incoming calls without caller ID on the interface Phone port specified in the following window Such control also can be done based on preconfigured schedules For Block Unknown Domain this function can block incoming calls through Phone port from unrecognized domain that is not specified in SIP accounts Such control also can be done based on preconfigured schedules For Block IP Address this ...

Page 301: ...N OUT both incoming and outgoing calls Barring Type Determine the type of the VoIP phone call URI URL or number Specific URI URL or Specific Number This field will be changed based on the type you selected for barring Type Route All means all the phone calls will be blocked with such mechanism Index 1 15 in Schedule Enter the index of schedule profiles to control the call barring according to the ...

Page 302: ...incoming phone call however you want to call back again for some reason Please dial number typed in this field to call back to that one Last Call Return Out Dial the number typed in this field to call the previous outgoing phone call again Call Forward All Act Dial the number typed in this field to forward all the incoming calls to the specified place Call Forward Deact Dial the number typed in th...

Page 303: ...g calls from unknown domain Block Unknown Domain Deact Dial the number typed in this field to release this function Block IP Calls Act Dial the number typed in this filed to block all the incoming calls from IP address Block IP Calls Deact Dial the number typed in this field to release this function Block Last Calls Act Dial the number typed in this field to block the last incoming phone call Afte...

Page 304: ...STN phones Call Feature A brief description for call feature will be shown in this field for your reference Tone Display the tone settings that configured in the advanced settings page of Phone Index Gain Display the volume gain settings for Mic Speaker that configured in the advanced settings page of Phone Index Default SIP Account draytel_1 is the default SIP account You can click the number bel...

Page 305: ...hout disturbing by VoIP phone call During the period the one who dial in will listen busy tone yet the local user will not listen any ring tone Index 1 15 in Schedule Enter the index of schedule profiles to control when the phone will ring and when will not according to the preconfigured schedules Refer to section Application Schedule for detailed configuration Index 1 60 in Phone Book Enter the i...

Page 306: ...or users To set the sound pattern of the phone set simply choose a proper region to let the system find out the preset tone settings and caller ID type automatically Or you can adjust tone settings manually if you choose User Defined TOn1 TOff1 TOn2 and TOff2 mean the cadence of the tone pattern TOn1 and TOn2 represent sound on TOff1 and TOff2 represent the sound off Available settings are explain...

Page 307: ...ing is used to adjust the loudness of the call waiting tone The smaller the number is the louder the tone is It is recommended for you to use the default setting Interdigit Timeout Type a value in this field to specify time limit for interdigit DTMF DTMF Mode There are four DTMF modes for you to choose InBand Choose this one then the Vigor will send the DTMF tone as audio directly when you press t...

Page 308: ...y at all Therefore this function can be enabled to give another number to replace the plus sign for example can be replaced by 00 Then the above phone number will become 008865972727 When the callee receives such number he can use re dial function to dial back to the caller I IV V 1 1 6 6 S St ta at tu us s From this page you can find codec connection and other important call status for each port ...

Page 309: ...d by present channel PeerID The present in call or out call peer ID the format may be IP or Domain Elapse hh mm ss The format is represented as hours minutes seconds Tx Pkts Total number of transmitted voice packets during this connection session Rx Pkts Total number of received voice packets during this connection session Rx Losts Total number of lost packets during this connection session Rx Jit...

Page 310: ...Vigor2926 Series User s Guide 294 This page is left blank ...

Page 311: ...a manner that emulates the properties of a point to point private link It is a form of VPN that can be used with a standard Web browser A digital certificate works as an electronic ID which is issued by a certification authority CA It contains information such as your name a serial number expiration dates etc and the digital signature of the certificate issuing authority so that a recipient can ve...

Page 312: ...een home office and customer Secure connection between Teleworker staff on business trip and main office Exchange data between remote office and main office POS between chain store and headquarters S Si it te e t to o S Si it te e L LA AN N t to o L LA AN N A connection between two router s LAN networks Allows employees in branch offices and head office to share the same network resources R Re em ...

Page 313: ...or VPN dial out connection from server to client step by step 1 Open Wizards VPN Client Wizard The following page will appear Available settings are explained as follows Item Description LAN to LAN Client Mode Selection Choose the client mode Route Mode NAT Mode If the remote network only allows you to dial in with single IP please choose NAT mode otherwise please choose Route Mode Please choose a...

Page 314: ...pes provided here Different type will lead to different configuration page After making the choices for the client profile please click Next You will see different configurations based on the selection s you made Info The following descriptions for VPN Type are based on the Route Mode specified in LAN to LAN Client Mode Selection When you choose PPTP None Encryption or PPTP Encryption you will see...

Page 315: ...Vigor2926 Series User s Guide 299 When you choose IPsec you will see the following graphic When you choose SSL you will see the following graphic ...

Page 316: ...oose L2TP over IPsec Nice to Have or L2TP over IPsec Must you will see the following graphic Available settings are explained as follows Item Description Profile Name Type a name for such profile The length of the file is limited to 10 characters ...

Page 317: ...VPN if WAN2 down If WAN2 failed the router will use WAN1 for VPN connection WAN2 Only Only establish VPN if WAN1 down If WAN1 failed the router will use WAN2 for VPN connection Always On Check to enable router always keep VPN connection Server IP Host Name for VPN Type the IP address of the server or type the host name for such VPN profile IKE Authentication Method IKE Authentication Method usuall...

Page 318: ...e This field is used to authenticate for connection when you select PPTP or L2TP with or without IPsec policy above The length of the user name is limited to 11 characters Password This field is used to authenticate for connection when you select PPTP or L2TP with or without IPsec policy above The length of the password is limited to 11 characters Remote Network IP Please type one LAN IP address a...

Page 319: ... Access Connection Management for viewing VPN Connection status Do another VPN Server Wizard Setup Click this radio button to set another profile of VPN Server through VPN Server Wizard View more detailed configuration Click this radio button to access VPN and Remote Access LAN to LAN for viewing detailed configuration ...

Page 320: ...Site VPN Remote Dial in User You can manage remote access by maintaining a table of remote user profile so that users can be authenticated to dial in via VPN connection Please choose a LAN to LAN Profile This item is available when you choose Site to Site VPN LAN to LAN as VPN server mode There are 32 VPN profiles for users to set Please choose a Dial in User Accounts This item is available when y...

Page 321: ... in User selected 2 After making the choices for the server profile please click Next You will see different configurations based on the selection you made Here we take the examples of choosing Site to Site VPN as the VPN Server Mode When you check PPTP SSL you will see the following graphic When you check PPTP IPsec L2TP three types or PPTP IPsec two types or L2TP with Policy Nice to Have Must yo...

Page 322: ... name for such profile The length of the file is limited to 10 characters User Name This field is used to authenticate for connection when you select PPTP or L2TP with or without IPsec policy above The length of the name is limited to 11 characters Password This field is used to authenticate for connection when you select PPTP or L2TP with or without IPsec policy above ...

Page 323: ...lient Peer ID Type the ID name for the remote client The length of the name is limited to 47 characters Remote Network IP Please type one LAN IP address according to the real location of the remote host for building VPN connection Remote Network Mask Please type the network mask according to the real location of the remote host for building VPN connection 3 After finishing the configuration please...

Page 324: ... detailed configuration V V 1 1 3 3 R Re em mo ot te e A Ac cc ce es ss s C Co on nt tr ro ol l Enable the necessary VPN service as you need If you intend to run a VPN server inside your LAN you should disable the VPN service of Vigor Router to allow VPN tunnel pass through as well as the appropriate NAT settings such as DMZ or open port Open VPN and Remote Access Remote Access Control After finis...

Page 325: ... In PPP Encryption MPPE Optional MPPE This option represents that the MPPE encryption method will be optionally employed in the router for the remote dial in user If the remote dial in user does not support the MPPE encryption algorithm the router will transmit no MPPE encrypted packets Otherwise the MPPE encryption scheme will be used to encrypt the data Require MPPE 40 128bits Selecting this opt...

Page 326: ...s when DHCP Disable set Enter a start IP address for the dial in PPP connection for LAN1 LAN2 LAN6 will be available if it is enabled Refer to LAN General Setup for enabling the LAN interface PPP Authentication Methods Select the method s to be used for authentication in PPP connection PPTP LDAP Profile Configured LDAP profiles will be listed under such item Simply check the one you want to enable...

Page 327: ...the data payload only It can just apply to local packet e g L2TP over IPsec The Tunnel mode will not only add the AH ESP payload but also use a new IP header Tunneled IP header to encapsulate the whole original IP packet Authentication Header AH provides data authentication and integrity for IP packets passed between VPN peers This is achieved by a keyed one way hash function to the packet to crea...

Page 328: ...ncapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES After finishing all the settings here please click OK to save the configuration V V 1 1 6 6 I IP Ps se ec c P Pe ee er r I Id de en nt ti it ty y To use digital certificate for peer authentication in either LAN to LAN...

Page 329: ...e this account Check it to enable such account profile Accept Any Peer ID Click to accept any peer regardless of its identity Accept Subject Alternative Name Click to check one specific field of digital signature to accept the peer with matching value The field can be IP Address Domain or E mail Address The box under the Type will appear according to the type you select and ask you to fill in corr...

Page 330: ...esides you can extend the user accounts to the RADIUS server through the built in RADIUS client function The following figure shows the summary table Available settings are explained as follows Item Description Set to Factory Default Click to clear all indexes View All Click it to display the all of the user accounts Online Click it to display the online user accounts Offline Click it to display t...

Page 331: ...er the router will drop this connection By default the Idle Timeout is set to 300 seconds Allowed Dial In Type PPTP Allow the remote dial in user to make a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below IPsec Tunnel Allow the remote dial in user to make an IPsec VPN connection through Internet L2TP with IPsec Policy Allow the remote ...

Page 332: ...IPsec policy above The length of the password is limited to 19 characters Enable Mobile One Time Passwords mOTP Check this box to make the authentication with mOTP function PIN Code Type the code for authentication e g 1234 Secret Use the 32 digit secret number generated by mOTP in the mobile phone e g e759bb6f0e94c7ab4fe6 Subnet Chose one of the subnet selections for such VPN profile Assign Stati...

Page 333: ... configuration V V 1 1 8 8 L LA AN N t to o L LA AN N Here you can manage LAN to LAN connections by maintaining a table of connection profiles You may set parameters including specified connection direction dial in or dial out connection peer ID connection type VPN connection including PPTP IPsec Tunnel and L2TP by itself or over IPsec and corresponding security methods etc The router supports up ...

Page 334: ... LAN to LAN profile The symbol represents that the profile is empty Active V means the profile has been enabled X means the profile has not been enabled Status Online means such LAN to LAN profile is in use Offline means such LAN to LAN profile isn t in use even if the profile has been enabled To edit each profile 1 Click each index to edit each profile and you will get the following page Each LAN...

Page 335: ... This setting is useful for dial out only WAN1 First WAN2 First WAN3 First or LTE First WAN4 First While connecting the router will use WAN1 WAN2 WAN3 or LTE WAN4 as the first channel for VPN connection If WAN1 WAN2 WAN3 or LTE WAN4 fails the router will use another WAN interface instead WAN1 Only WAN2 Only WAN 3 Only or LTE Only WAN 4 Only While connecting the router will use WAN1 WAN2 WAN3 or LT...

Page 336: ... especially useful in the case of abnormal VPN IPsec tunnel disruption For details please refer to the note below Check to enable the transmission of PING packets to a specified IP address Enable PING to keep alive is used to handle abnormal IPsec VPN connection disruption It will help to provide the state of a VPN connection for router s judgment of redial Normally if any one of VPN peers wants t...

Page 337: ...ression Normally set to On to improve bandwidth utilization IKE Authentication Method This group of fields is applicable for IPsec Tunnels and L2TP with IPsec Policy Pre Shared Key Input 1 63 characters as pre shared key Digital Signature X 509 Select one predefined Profiles set in the VPN and Remote Access IPsec Peer Identity Peer ID Select one of the predefined Profiles set in VPN and Remote Acc...

Page 338: ... for Main mode We suggest you select the combination that covers the most schemes IKE phase 2 proposal To propose the local available algorithms to the VPN peers and get its feedback to find a match Three combinations are available for both modes We suggest you select the combination that covers the most algorithms IKE phase 1 key lifetime For security reason the lifetime of key should be defined ...

Page 339: ...et L2TP with IPsec Policy Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPsec Select from below None Do not apply the IPsec policy Accordingly the VPN connection employed the L2TP without IPsec policy can be viewed as one pure L2TP connection Nice to Have Apply the IPsec policy first if it is applicable during negotiation ...

Page 340: ...k the box of Pre Shared Key to invoke this function and type in the required characters 1 63 as the pre shared key Digital Signature X 509 Check the box of Digital Signature to invoke this function and select one predefined Profiles set in the VPN and Remote Access IPsec Peer Identity Local ID Specify which one will be inspected first Alternative Subject Name First The alternative subject name con...

Page 341: ...TP or L2TP Remote Gateway IP This field is only applicable when you select PPTP or L2TP with or without IPsec policy above The default value is 0 0 0 0 which means the Vigor router will get a remote Gateway PPP IP address from the remote router during the IPCP negotiation phase If the PPP IP address is fixed by remote side specify the fixed IP address here Do not change the default value if you do...

Page 342: ...t coming from the IP address defined in the Virtual IP Mapping list After checking the box of IPSec VPN with the Same subnet the options under TCP IP Network Settings will be changed as shown below Remote Network IP Remote Network Mask Add a static route to direct all traffic destined to this Remote Network IP Address Remote Network Mask through the VPN connection For IPSec this is the destination...

Page 343: ...Whole Subnet Specific IP Address Virtual IP Mapping A pop up dialog will appear for you to specify the local IP address and the mapping virtual IP address 2 After finishing all the settings here please click OK to save the configuration ...

Page 344: ... activated when initial connection of single VPN tunnel is off line Before setting VPN TRUNK VPN Backup mechanism backup profile please configure at least two sets of LAN to LAN profiles with fully configured dial out settings first otherwise you will not have selections for grouping Member1 and Member2 F Fe ea at tu ur re es s o of f V VP PN N T TR RU UN NK K V VP PN N L Lo oa ad d B Ba al la an ...

Page 345: ...VPN Backup mechanism profile Member1 Display the dial out profile selected from the Member1 drop down list below Active Yes means normal condition No means the state might be disabled or that profile currently is set with Dial in mode for call direction in LAN to LAN Type Display the connection type for that profile such as IPsec PPTP L2TP L2TP over IPsec NICE L2TP over IPsec MUST and so on Member...

Page 346: ...ile Member1 Display the dial out profile selected from the Member1 drop down list below Active Yes means normal condition No means the state might be disabled or that profile currently is set with Dial in mode for call direction in LAN to LAN Type Display the connection type for that profile such as IPsec PPTP L2TP L2TP over IPsec NICE L2TP over IPsec MUST and so on Member2 Display the dial out pr...

Page 347: ...e Status Enable or Disable profile name member1 or member2 Delete Click this button to delete the selected VPN TRUNK profile The corresponding members LAN to LAN profiles grouped in the deleted VPN TRUNK profile will be released and that profiles in LAN to LAN will be displayed in black T Ti im me e f fo or r a ac ct ti iv va at ti in ng g V VP PN N T TR RU UN NK K V VP PN N B Ba ac ck ku up p m m...

Page 348: ... one of the LAN to LAN profiles from Member1 drop down list choose one of the LAN to LAN profiles from Member2 drop down list and click Add at last 4 Take a look for LAN to LAN profiles Index 1 is chosen as Member1 index 2 is chosen as Member2 For such reason LAN to LAN profiles of 1 and 2 will be expressed in red to indicate that they are fixed If you delete the VPN TRUNK VPN Backup Load Balance ...

Page 349: ...ver 192 168 50 200 in the field of Peer GRE IP A Ad dv va an nc ce ed d L Lo oa ad d B Ba al la an nc ce e a an nd d B Ba ac ck ku up p After setting profiles for load balance you can choose any one of them and click Advance for more detailed configuration The windows for advanced load balance and backup are different Refer to the following explanation ...

Page 350: ...It can be divided into Auto Weighted and According to Speed Ratio Auto Weighted can detect the device speed 10Mbps 100Mbps and switch with fixed value ratio 3 7 for packet transmission If the transmission rate for packets on both sides of the tunnels is the same the value of Auto Weighted should be 5 5 According to Speed Ratio allows user to adjust suitable rate manually There are 100 groups of ra...

Page 351: ...nding tunnel table can be established UDP means when the source IP destination IP destination port and fragment conditions match with the settings specified here and UDP Service Port also fits the number here such binding tunnel table can be established TCP UPD means when the source IP destination IP destination port and fragment conditions match with the settings specified here and TCP UDP Servic...

Page 352: ...ing Des IP range Start and End Choose TCP UDP IGMP ICMP or Other as Binding Protocol A Ad dv va an nc ce ed d B Ba ac ck ku up p Available settings are explained as follows Item Description Profile Name List the backup profile name ERD Mode ERD means Environment Recovers Detection Normal choose this mode to make all dial out VPN TRUNK ...

Page 353: ...VPN connections You may disconnect any VPN connection by clicking Drop button You may also aggressively Dial out by using Dial out Tool and clicking Dial button Available settings are explained as follows Item Description Dial out Tool General Mode This filed displays the profile configured in LAN to LAN with Index number and VPN Server IP address The VPN connection built by General Mode does not ...

Page 354: ... User s Guide 338 Dial Click this button to execute dial out function Refresh Seconds Choose the time for refresh the dial information among 5 10 and 30 Refresh Click this button to refresh the whole connection status ...

Page 355: ...ti io on n o on n V Vi ig go or r R Ro ou ut te er r f fo or r H He ea ad d O Of ff fi ic ce e 1 Log into the web user interface of Vigor router 2 Open VPN and Remote Access LAN to LAN to create a LAN to LAN profile The following settings are for a permanent VPN connection 3 Click any index number to open the configuration page Type a name which is easy for identification for such profile in this ...

Page 356: ...l and L2TP boxes Check the box of Specify Remote and type the Peer VPN Server IP e g 218 242 130 19 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security method 5 Continue to navigate to the TCP IP Network Settings for setting the LAN IP for remote side ...

Page 357: ...g into the web user interface of Vigor router 2 Open VPN and Remote Access LAN to LAN to create a LAN to LAN profile The following settings are for a permanent VPN connection 3 Click any index number to open the configuration page Type a name which is easy for identification for such profile in this case type VPN Client and check the box of Enable This Profile For such Vigor router will be set as ...

Page 358: ...service and type the remote server IP host name e g 218 242 133 91 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security method 5 Continue to navigate to the TCP IP Network Settings for setting the LAN IP for the remote side 6 Click OK to save the settings ...

Page 359: ...Vigor2926 Series User s Guide 343 7 Open VPN and Remote Access Connection Management to check the dial in connection status from head office ...

Page 360: ...network is a form of VPN that can be used with a standard Web browser There are two benefits that SSL VPN provides It is not necessary for users to preinstall VPN client software for executing SSL VPN connection There are less restrictions for the data encrypted through SSL VPN in comparing with traditional VPN ...

Page 361: ...It will not affect the HTTPS Port configuration set in System Maintenance Management In general the default setting is 443 Server Certificate When the client does not set any certificate default certificate will be used for HTTPS and SSL VPN server Choose any one of the user defined certificates from the drop down list if users set several certificates previously Otherwise choose Self signed to us...

Page 362: ...uest network or web cafe The SSL technology is the same as the encryption that you use for secure web sites such as your online bank The SSL VPN can be operated in either full tunnel mode or proxy mode Now Vigor2926 series allows up to 16 simultaneous incoming users For SSL VPN identity authentication and power management are implemented through deploying user accounts Therefore the user account f...

Page 363: ...characters Password This field is applicable when you select PPTP or L2TP with or without IPsec policy above The length of the name password is limited to 19 characters Enable Mobile One Time Passwords mOTP Check this box to make the authentication with mOTP function PIN Code Type the code for authentication e g 1234 Secret Use the 32 digit secret number generated by mOTP in the mobile phone e g e...

Page 364: ...s of VPN Tunnel while connecting Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through the router Block This is default setting Cl...

Page 365: ...sulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES Local ID Specify a local ID to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can be used only in IKE aggressive mode After finishing all the settings here please click OK to save th...

Page 366: ...by applications such as User Management VPN and etc Each item is explained as follows Item Description Set to Factory Default Click to clear all indexes Index Display the number of the client which connecting to FTP server Name Display the name of the group profile Click any index number link to open the following page for detailed configuration Available settings are explained as follows ...

Page 367: ...simply choose the one from the left box and click the button It will be displayed in the Selected User Account on the right box For detailed information about configuring the profile setting refer to Objects Setting IP Group RADIUS The RADIUS server will do the authentication by using the username and password TACACS The TACACS will do the authentication by using the username and password LDAP Act...

Page 368: ...ss into DrayTek SSL VPN portal interface Next users can open SSL VPN Online Status to view logging status of SSL VPN Available settings are explained as follows Item Description Active User Display current user who visits SSL VPN server Host IP Display the IP address for the host Time out Display the time remaining for logging out Action You can click Drop to drop certain login user from the route...

Page 369: ...gor router support digital certificates conforming to standard X 509 Any entity wants to utilize digital certificates should first request a certificate issued by a CA server It should also retrieve certificates of other trusted CA servers so it can authenticate the peer with certificates issued by those trusted CA servers Here you can manage generate and manage the local digital certificates and ...

Page 370: ... import a saved file as the certification information Refresh Click this button to refresh the information listed below View Click this button to view the detailed settings for certificate request Delete Click this button to delete selected name with certification information G GE EN NE ER RA AT TE E Click this button to open Generate Certificate Signing Request window Type in all the information ...

Page 371: ... T Vigor router allows you to generate a certificate request and submit it the CA server then import it as Local Certificate If you have already gotten a certificate from a third party you may import it directly The supported types are PKCS12 Certificate and Certificate with a private key Click this button to import a saved file as the certification information There are three types of local certi...

Page 372: ...as OK Upload PKCS12 Certificate It allows users to import the certificate whose extensions are usually pfx or p12 And these certificates usually need passwords Note that PKCS12 is a standard for storing private keys and certificates securely It is used in among other things Netscape and Microsoft Internet Explorer with their import and export options Upload Certificate and Private Key It is useful...

Page 373: ...ttings for certificate request Info You have to copy the certificate request information from above window Next access your CA server and enter the page of certificate request copy the information into it and submit a request A new certificate will be issued to you by the CA server You can save it D De el le et te e Click this button to remove the selected certificate ...

Page 374: ...icate from a trusted root certificate authority is complicated and time consuming Therefore Vigor router offers a mechanism which allows you to generate root CA to save time and provide convenience for general user Later such root CA generated by DrayTek server can perform the issuing of local certificate Info Root CA can be deleted but not edited If you want to modify the settings for a Root CA p...

Page 375: ... the following window Use Browse to find out the saved text file Then click Import The one you imported will be listed on the Trusted CA Certificate window For viewing each trusted CA certificate click View to open the certificate detail information window If you want to delete a CA certificate choose the one and click Delete to remove all the certificate information ...

Page 376: ...ificate for this router can be saved within one file Please click Backup on the following screen to save them If you want to set encryption password for these certificates please type characters in both fields of Encrypt password and Confirm password Also you can use Restore to retrieve these two settings to the router whenever you want ...

Page 377: ...rity has been always the most concerned The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders It also restricts users in the local network from accessing the Internet CSM is an abbreviation of Central Security Management which is used to control IM P2P usage filter the web content and URL content to reach a goal of security management ...

Page 378: ...ies unsolicited incoming data Selectable Denial of Service DoS Distributed DoS DDoS attacks protection I IP P F Fi il lt te er rs s Depending on whether there is an existing Internet connection or in other words the WAN link status is up or down the IP filter architecture categorizes traffic into two Call Filter and Data Filter Call Filter When there is no existing Internet connection Call Filter ...

Page 379: ...exhaust all your system s resource while the vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the protocol or operation system The DoS Defense function enables the Vigor router to inspect every incoming packet based on the attack signature database Any malicious packet that might duplicate itself to paralyze the host in the secure LAN will be strictly block...

Page 380: ... So here you assign the Start Filter Set only Also you can configure the Log Flag settings Apply IP filter to VPN incoming packets and Accept incoming fragmented UDP packets Click Firewall and click General Setup to open the general setup page G Ge en ne er ra al l S Se et tu up p P Pa ag ge e Such page allows you to enable disable Call Filter and Data Filter determine general rule for filtering t...

Page 381: ... while transmitting through Vigor router will be filtered by firewall If the firewall system e g content filter server does not make any response pass or block for these packets then the router s firewall will block the packets directly Block connections initiated from WAN Usually IPv6 network sessions traffic from WAN to LAN will be accepted by IPv6 firewall in default IPv6 To prevent remote clie...

Page 382: ...t do not match with the filter rules Sessions Control The number typed here is the total sessions of the packets that do not match the filter rule configured in this page The default setting is 60000 Quality of Service Choose one of the QoS rules to be applied as firewall rule For detailed information of setting QoS please refer to the related section later User Management Such item is available o...

Page 383: ...rst Or choose Create New from the drop down list in this page to create a new profile For troubleshooting needs you can specify to record information for URL Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Web Content Filter Select one of the Web Content Filter profile settings created in CSM Web Conten...

Page 384: ...ed Please use the drop down list to choose a codepage If you do not have any idea of choosing suitable codepage please open Syslog From Codepage Information of Setup dialog you will see the recommended codepage listed on the dialog box Window size It determines the size of TCP protocol 0 65535 The more the value is the better the performance will be However if the network is not stable small value...

Page 385: ...ck Active to enable the rule Available settings are explained as follows Item Description Filter Rule Click a button numbered 1 7 to edit the filter rule Click the button will open Edit Filter Rule web page For the detailed information refer to the following page Active Enable or disable the filter rule Comment Enter filter set comments description Maximum length is 23 character long Direction Dis...

Page 386: ...ia several setting pages Advance Mode Allow to configure detailed settings of filter rule To use Wizard Mode simple do the following steps 1 Click the Wizard Mode radio button 2 Click Index 1 The setting page will appear as follows Available settings are explained as follows Item Description Comments Enter filter set comments description Maximum length is 14 character long Direction Set the direct...

Page 387: ...p down list to choose the object that you want Protocol Specify the protocol s which this filter rule will apply to Source Port Destination Port when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this service type when the first and last value are the same it indicates all the ports excep...

Page 388: ... drop down list in this page to create a new profile For troubleshooting needs you can specify to record information for URL Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Web Content Filter Select one of the Web Content Filter profile settings created in CSM Web Content Filter for applying with this r...

Page 389: ...Vigor2926 Series User s Guide 373 5 If there is no error click Finish to complete wizard setting ...

Page 390: ...length is 14 character long Index 1 15 Set PCs on LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Schedule setup The default setting of this field is blank and the function will always work Clear sessions when schedule ON Check this box to clear the sessions when the above schedule profiles are applied Direction Set the...

Page 391: ...dress Single Address Range Address Subnet Address as the Address Type and type them in this dialog In addition if you want to use the IP range from defined groups or objects please choose Group and Objects as the Address Type From the IP Group drop down list choose the one that you want to apply Or use the IP Object drop down list to choose the object that you want Service Type Click Edit to acces...

Page 392: ...t indicates that all the ports except the range defined here are available for this service type the port number greater than this value is available the port number less than this value is available for this profile Service Group Object Use the drop down list to choose the one that you want Fragments Specify the action for fragmented packets And it is used for Data Filter only Don t care No actio...

Page 393: ...lated section later User Management Such item is available only when Rule Based is selected in User Management General Setup The general firewall rule will be applied to the user user group all users specified here Note When there is no user profile or group profile existed Create New User or Create New Group item will appear for you to click to create a new one APP Enforcement Select an APP Enfor...

Page 394: ... more detailed information DNS Filter Select one of the DNS Filter profile settings created in CSM DNS Filter for applying with this router Please set at least one profile in CSM Web Content Filter web page first Or click the DNS Filter link from the drop down list in this page to create a new profile Advance Setting Click Edit to open the following window However it is strongly recommended to use...

Page 395: ...he data flow which matched with the firewall rule DrayTek Banner Please uncheck this box and the following screen will not be shown for the unreachable web page The default setting is Enabled Strict Security Checking All the packets while transmitting through Vigor router will be filtered by firewall settings configured by Vigor router When the resource is inadequate the packets will be blocked if...

Page 396: ...s from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Timeout The goal for this is prevent the TCP SYN packets attempt to exhaust the limited resource of Vigor router By default the threshold and timeout values are set to 2000 packets per second and 10 seconds respectively That means when 2000 packe...

Page 397: ...function The Vigor router will ignore any IP packets with IP option field in the datagram header The reason for limitation is IP option appears to be a vulnerability of the security for the LAN because it will carry significant information such as security TCC closed user group parameters a series of Internet addresses routing messages etc An eavesdropper outside might learn the details of your pr...

Page 398: ...t the packets The Vigor routers will block any packets realizing this attacking activity Block ICMP Fragment Check the box to activate the Block ICMP fragment function Any ICMP packets with more fragment bit set are dropped Block Unassigned Numbers Check the box to activate the Block Unknown Protocol function Individual IP packet has a protocol field in the datagram header to indicate the protocol...

Page 399: ...packet The test result including firewall rule profile IP address translation in packet transmission state of the firewall fuctions and etc also will be shown on this page Info The result obtained by using Diagnose is offered for RD debug It will be different according to actual state such as netework connection LAN WAN settings and so on Available settings are explained as follows Item Descriptio...

Page 400: ...ination Dst Port Type the port number of the packet s destination Packet Payload In firewall diagnose two packets belong to one connection In general two packets are enough for Vigor router to perform this test Enable Check the box to send out the test packet Direction The first packet of the firewall test will follow the direction specified above However the direction for the second packet might ...

Page 401: ...Type setting Analyze Execute the test and analyze the result The following figure shows the test result after clicking Analyze Processing state for the fuctions MAC Filter QoS User management etc related to the firewall will be displayed by green or red LED ...

Page 402: ... 168 1 20 accessing to Internet through Vigor router Others e g 192 168 1 31 and 192 168 1 32 outside the range can get the source from LAN only The way we can use is to set two rules under Firewall For Rule 1 of Set 2 under Firewall Filter Setup is used as the default setting we have to create a new rule starting from Filter Rule 2 of Set 2 1 Access into the web user interface of Vigor router 2 O...

Page 403: ... Filter Rule 7 If Block If No Further Match for is selected for Filter the firewall of the router would check the packets with the rules starting from Rule 3 to Rule 7 The packets not matching with the rules will be processed according to Rule 2 4 Next set another rule Just open Firewall Filter Setup Click the Set 2 link and choose the Filter Rule 3 button 5 Check the box of Check to enable the Fi...

Page 404: ...t Type 192 168 1 10 in the field of Start IP and type 192 168 1 20 in the field of End IP Then click OK to save the settings The computers within the range can access into the Internet 7 Now check the content of Source IP is correct or not The action for Filter shall be set with Pass Immediately Then click OK to save the settings ...

Page 405: ...6 Series User s Guide 389 8 Both filter rules have been created Click OK Now all the settings are configured well Only the computers with the IP addresses within 192 168 1 10 192 168 1 20 can access to Internet ...

Page 406: ...hecks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other ex...

Page 407: ...e will be applied in Default Rule of Firewall General Setup for filtering Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Profile Display the number of the profile which allows you to click to set different policy Name Display the name of the APP Enforcement Profile Click the number under Index column for settings in detail There are four tabs...

Page 408: ...is 15 characters Select All Click it to choose all of the items in this page Clear All Uncheck all the selected boxes Enable Check the box to select the APP to be blocked by Vigor router Adv A button under Enable check box allows you to open a pop up window to specify activity for that APP The profiles configured here can be applied in the Firewall General Setup and Firewall Filter Setup pages as ...

Page 409: ...Vigor2926 Series User s Guide 393 Below shows the items which are categorized under Protocol The items categorized under P2P ...

Page 410: ...Vigor2926 Series User s Guide 394 The items categorized under OTHERS ...

Page 411: ... are explained as follows Item Description Upgrade Setting APPE Module Version Display current version status of APPE signature New version from the Internet Download button is available only when Vigor router detects new APPE version After clicking it a dialog will appear with information added to such new version Click OK to exit the dialog and start the signature upgrade Upgrade via interface C...

Page 412: ...Then click Upgrade and wait for the system completing the process Upgrade Automatically Scheduled Update Check the box to make Vigor router upgrading the APPE signature based on the schedule configured here After finishing all the settings please click OK to save the configuration ...

Page 413: ...licious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other executable files Once downloading these types of files from websites you may risk bringing threat to your system For example an ActiveX control object is usually used for providing interactive web feature If malicious code hides inside it may o...

Page 414: ...uter will block all the packages that match with the conditions specified in URL Access Control and Web Feature below When you choose this setting both configuration set in this page for URL Access Control and Web Feature will be inactive Either URL Access Control First When all the packages matching with the conditions specified in URL Access Control and Web Feature below such function can determ...

Page 415: ...e Action This setting is available only when Either URL Access Control First or Either Web Feature First is selected Pass Allow accessing into the corresponding webpage with the keywords listed on the box below Block Restrict accessing into the corresponding webpage with the keywords listed on the box below If the web pages do not match with the keyword set here it will be processed with reverse a...

Page 416: ...ere it will be processed with reverse action Cookie Check the box to filter out the cookie transmission from inside to outside world to protect the local user s privacy Proxy Check the box to reject any proxy transmission To control efficiently the limited bandwidth usage it will be of great value to provide the blocking mechanism that filters out the multimedia files downloading from web pages Up...

Page 417: ...ou have to click Activate to satisfy your request Be aware that service provider matching with Vigor router currently offers a period of time for trial version for users to experiment If you want to purchase a formal edition simply contact with the channel partner or your dealer Click CSM and click Web Content Filter Profile to open the profile setting page The default setting for Setup Query Serv...

Page 418: ... server Test a site to verify whether it is categorized Click this link to do the verification Set to Factory Default Click this link to retrieve the factory settings Administration Message You can type the message manually for your necessity or click Default Message button to get the default text displayed on the field of Administration Message Cache None the router will check the URL that the us...

Page 419: ...er under Profile to open the following web page The items listed in Categories will be changed according to the different service providers If you have and activate another web content filter license the items will be changed simultaneously All of the configuration made for web content filter will be deleted automatically Therefore please backup your data before you change the web content filter l...

Page 420: ...allow accessing into the corresponding webpage with the categories listed on the box below Block restrict accessing into the corresponding webpage with the categories listed on the box below If the web pages do not match with the specified feature set here it will be processed with reverse action Log None There is no log file will be recorded for this profile Pass Only the log about Pass will be r...

Page 421: ...g 8 8 8 8 If the router server is used DNS Filter General Setting will be applied to DNS query from clients on LAN However if the external DNS server is used DNS Filter Profile will be applied to DNS query coming from clients on LAN Info For DNS filter must use the WCF service profile to filter the packets therefore WCF license must be activated first Otherwise DNS filter does not have any effect ...

Page 422: ...about Pass will be recorded in Syslog Block Only the log about Block will be recorded in Syslog All All the actions Pass and Block will be recorded in Syslog WCF Set the filtering conditions UCF Set the filtering conditions Black White List Specify IP address subnet mask IP object or IP group as a black list or white list for DNS packets passing through or blocked by Vigor router Administration Me...

Page 423: ...several useful services such as Anti Spam Web Content Filter Anti Intrusion and etc to filtering the web pages for the sake of protecting your system To access into MyVigor for getting more information please create an account for MyVigor C Cr re ea at te e a an n A Ac cc co ou un nt t v vi ia a V Vi ig go or r R Ro ou ut te er r 1 Click CSM Web Content Filter Profile The following page will appea...

Page 424: ...ies User s Guide 408 2 Click the Activate link A login page for MyVigor web site will pop up automatically 3 Click the link of Create an account now 4 Check to confirm that you accept the Agreement and click Accept ...

Page 425: ...Vigor2926 Series User s Guide 409 5 Type your personal information in this page and then click Continue 6 Choose proper selection for your computer and click Continue ...

Page 426: ...TART 8 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com 9 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login ...

Page 427: ...rd 11 Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want C Cr re ea at te e a an n A Ac cc co ou un nt t v vi ia a M My yV Vi ig go or r W We eb b S Si it te e 1 Access into http myvigor draytek com Find the line of Not registered yet Then click the link Click here to access into next page ...

Page 428: ...confirm that you accept the Agreement and click Accept 3 Type your personal information in this page and then click Continue 4 Choose proper selection for your computer and click Continue 5 Now you have created an account successfully Click START ...

Page 429: ...mation email with the title of New Account Confirmation Letter from myvigor draytek com 7 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login ...

Page 430: ... password that you just created in the fields of UserName and Password Then type the code in the box of Auth Code according to the value displayed on the right side of it Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want ...

Page 431: ... lt te er r There are two ways to block the facebook service Web Content Filter and URL Content Filter Web Content Filter Benefits Easily and quickly implement the category website that you want to block Note License is required URL Content Filter Benefits Free flexible for customize webpage Note Manual setting e g one keyword for one website I I V Vi ia a W We eb b C Co on nt te en nt t F Fi il l...

Page 432: ...Vigor2926 Series User s Guide 416 2 Open CSM Web Content Filter Profile to create a WCF profile Check Social Networking with Action Block 3 Enable this profile in Firewall General Setup Default Rule ...

Page 433: ...URL Content Filter A Block the web page containing the word of Facebook 1 Open Object Settings Keyword Object Click an index number to open the setting page 2 In the field of Contents please type facebook Configure the settings as the following figure 3 Open CSM URL Content Filter Profile Click an index number to open the setting page 4 Configure the settings as the following figure ...

Page 434: ...t configured from the drop down list in the field of URL Content Filter Now users cannot open any web page with the word facebook inside B Disallow users to play games on Facebook 1 Open Object Settings Keyword Object Click an index number to open the setting page 2 In the field of Contents please type apps facebook Configure the settings as the following figure ...

Page 435: ...g page 4 Configure the settings as the following figure 5 When you finished the above steps please open Firewall General Setup 6 Click the Default Rule tab Choose the profile just configured from the drop down list in the field of URL Content Filter Now users cannot open any web page with the word facebook inside ...

Page 436: ...Vigor2926 Series User s Guide 420 ...

Page 437: ...ting Configuration Backup Syslog Mail Alert Time and Date Management Reboot System Firmware Upgrade and Activation It is used to control the bandwith of data transmission through configuration of Sessions Limit Bandwidth Limit and Quality of Servie QoS It is a security feature which disallows any IP traffic except DHCP related packets from a particular host until that host has correctly supplied a...

Page 438: ...m setup there are several items that you have to know the way of configuration System Status TR 069 Administrator Password User Password Login Page Greeting Configuration Backup Syslog Mail Alert Time and Date Management Reboot System Firmware Upgrade and Activation Below shows the menu items for System Maintenance ...

Page 439: ...firmware version or firmware related information from this presentation Available settings are explained as follows Item Description Model Name Display the model name of the router Firmware Version Display the firmware version of the router Build Date Time Display the date and time of the current firmware build LAN MAC Address Display the MAC address of the LAN Interface IP Address Display the IP ...

Page 440: ...the WAN Interface Connection Display the connection type IP Address Display the IP address of the WAN interface Default Gateway Display the assigned IP address of the default gateway IPv6 Address Display the IPv6 address for LAN Scope Display the scope of IPv6 address For example IPv6 Link Local could only be used for direct IPv6 link It can t be used for IPv6 internet Internet Access Mode Display...

Page 441: ... V VI II I 1 1 2 2 T TR R 0 06 69 9 This device supports TR 069 standard It is very convenient for an administrator to manage a TR 069 device through an Auto Configuration Server e g VigorACS Available settings are explained as follows ...

Page 442: ...t is Disable If you click Enable please type the relational settings listed below Server IP Type the IP address of the STUN server Server Port Type the port number of the STUN server Minimum Keep Alive Period If STUN is enabled the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway Please type a number as the minimum period The default setting is ...

Page 443: ...ease the bandwidth setting for that CPE or not Enable Click it to enable such feature Time Period Choose the time interval 15 mins 30 mins 1hour 3 hours or 6 hours for CPE to send a notification of bandwidth utilization to VigorACS WAN Choose the WAN interface for applying the bandwidth utilization notification mechanism Threshold Level Set the percentage of bandwidth in transmission and receiving...

Page 444: ...assword Type in new password in this field The length of the password is limited to 23 characters Confirm Password Type in the new password again Administrator Local User The administrator can login web user interface of Vigor router to modify all of the settings to fit the requirements This feature allows other user in LAN who can access into the web user interface with the same privilege of the ...

Page 445: ...in account login to Web UI from the Internet an ensure any user accessing into web user interface of Vigor router through Internet by username password of admin admin Administrator LDAP Setting Enable LDAP AD login for admin users If it is enabled any user can access into the web user interface of Vigor router through the LDAP server authentication Enable admin account login to Web UI from the Int...

Page 446: ...rator password Password Type in new password in this field The length of the password is limited to 31 characters Confirm Password Type in the new password again Password Strength Display the security strength of the password specified above Set to Factory Default Click to return to the factory default setting When you click OK the login window will appear Please use the new password to access int...

Page 447: ...ing screen will appear Simply click OK 4 Log out Vigor router web user interface by clicking the Logout button 5 The following window will be open to ask for username and password Type the new user password in the filed of Password and click Login ...

Page 448: ...with User Mode will be shown as follows Settings to be configured in User Mode will be less than settings in Admin Mode Only basic configuration settings will be available in User Mode Info Setting in User Mode can be configured as same as in Admin Mode ...

Page 449: ...ows Item Description Enable Check this box to enable the login customization function Login Page Title Type a brief description e g Welcome to DrayTek which will be shown on the heading of the login dialog Welcome Message and Bulletin Type words or sentences here It will be displayed for bulletin message In addition it can be displayed on the login dialog at the bottom Note that do not type URL re...

Page 450: ...Vigor2926 Series User s Guide 434 ...

Page 451: ... Available settings are explained as follows Item Description Restore Choose File USB Storage Click it to specify a file to be restored Restore configuration except the login password If the password settings shall not be restored and applied to Vigor2926 simply check this box to get rid of password settings Click Restore to restore the configuration If the file is encrypted the system will ask yo...

Page 452: ...change configuration Backup will be executed whenever the configuration is changed Support Model List Web configuration file from other Vigor router can be applied to Vigor2926 series At present only the configuration file of Vigor2925 is accepted for Vigor2926 This field displays model name s and firmware which web configuration file saved can be used by such router 2 Click Backup button to get i...

Page 453: ...ting examples The Mac or Linux platform will appear different windows but the backup function is still available Info Backup for Certification must be done independently The Configuration Backup does not include information of Certificate R Re es st to or re e C Co on nf fi ig gu ur ra at ti io on n 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown be...

Page 454: ...function of syslog Syslog Save to Check Syslog Server to save the log to Syslog server Check USB Disk to save the log to the attached USB storage disk Router Name Display the name for such router configured in System Maintenance Management If there is no name here simply lick the link to access into System Maintenance Management to set the router name Server IP Address Hostname The IP address of t...

Page 455: ...heck this box to use port 465 for SMTP server for some e mail server uses https as the transmission method Authentication Check this box to activate this function while using e mail application User Name Type the user name for authentication Password Type the password for authentication Enable E mail Alert Check the box to send alert message to the e mail box while the router detecting the item s ...

Page 456: ...40 3 From the Syslog screen select the router you want to monitor Be reminded that in Network Information select the network adapter used to connect to the router Otherwise you won t succeed in retrieving information from the router ...

Page 457: ...r s system time Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Server Type the web site of the time server Priority Choose Auto or IPv6 First as the priority Time Zone Select the time zone where the router is located Enable Daylight Saving Check the box to enable the daylight saving Such feature is available for certain area Advan...

Page 458: ...e allows you to configure settings for SNMP and SNMPV3 services The SNMPv3 is more secure than SNMP through the encryption method support AES and DES and authentication method support MD5 and SHA for the management needs Available settings are explained as follows Item Description Enable SNMP Agent Check it to enable this function Get Community Set the name for getting community by typing a proper...

Page 459: ...s Notification Host IP IPv4 Set the IPv4 address of the host that will receive the trap community Notification Host IP IPv6 Set the IPv6 address of the host that will receive the trap community Trap Timeout The default setting is 10 seconds Enable SNMPV3 Agent Check it to enable this function USM User USM means user based security mode Type a username which will be used for authentication The maxi...

Page 460: ...ement Port Setup TLS SSL Encryption Setup CVM Access Control and Device Management The management pages for IPv4 and IPv6 protocols are different F Fo or r I IP Pv v4 4 Available settings are explained as follows Item Description Router Name Type in the router name provided by ISP Default Disable Auto Logout If it is enabled the function of auto logout for web user interface will be disabled ...

Page 461: ...P object profile Related IP with Subnet Mask will appear automatically Management Port Setup User Define Ports Check to specify user defined port numbers for the Telnet HTTP HTTPS FTP TR 069 and SSH servers Default Ports Check to use standard port numbers for the Telnet and HTTP servers Brute Force Protection Any client trying to access into Internet via Vigor router will be asked for passing thro...

Page 462: ...ement Enable AP Management Check it to enable the function of Central Management AP If unchecked menu items related to Central Management AP will be hidden Device Management Check the box to enable the device management function for Vigor2926 Respond to external device If it is enabled Vigor2926 will be regarded as slave device When the external device master device sends request packet to Vigor29...

Page 463: ...s allowed Index in IPv6 Object Type the index number of the IP object profile Related IP address will appear automatically After finished the above settings click OK to save the configuration F Fo or r L LA AN N Available settings are explained as follows Item Description Allow management from LAN Enable the checkbox to allow system administrators to login from LAN interface There are several serv...

Page 464: ...h self signed certificate is signed with its own private key The self signed certificate will be applied in SSL VPN HTTPS and so on In addition it can be created for free by using a wide variety of tools Click Regeneration to open Regenerate Self Signed Certificate window Type in all the information that the window request such as certifcate name used for identifying different certificate subject ...

Page 465: ...Vigor2926 Series User s Guide 449 ...

Page 466: ...chedule web page and you can use the number that you have set in that web page If you want to reboot the router using the current configuration check Using current configuration and click Reboot Now To reset the router settings to default values check Using factory default configuration and click Reboot Now The router will take 5 seconds to reboot the system Info When the system pops up Reboot Sys...

Page 467: ...ceed to firmware upgrade Click the button of Check The Latest Firmware to open a pop up window displaying the newest firmware version released for such Vigor router Choose the one you need and click Download After that click Select to specify the one you just download Then click Upgrade The system will upgrade the firmware of the router automatically ...

Page 468: ...up p The firware for Vigor router can be saved on the host as a backup firmware After that if the router crashes due to the firmware error the backup firmware will be applied to make the router run normally Simply specify the condition to run the firmware backup and click OK to save the settings ...

Page 469: ...r Click System Maintenance Activation to open the following page for accessing http myvigor draytek com Available settings are explained as follows Item Description Activate via Interface Choose WAN interface used by such device for activating Web Content Filter Activate The Activate link brings you accessing into www vigorpro com to finish the activation of the account and the router Authenticati...

Page 470: ...Vigor2926 Series User s Guide 454 ...

Page 471: ...nternal RADIUS server for the user profile Uncheck the box to turn off ecurity authentication service offered by internal RADIUS server for the user profile If you check the box next to such item all of the user profiles listed in this page will be enabled with RADIUS service enabled vice versa Local 802 1X Check the box to turn on the security authentication service offered by Local 802 1X server...

Page 472: ... required and sufficient bandwidth to meet performance expectations is indeed one important aspect of modern enterprise network One reason for QoS is that numerous TCP based applications tend to continually increase their transmission rate and consume all available bandwidth which is called TCP slow start If other applications are not protected by QoS it will detract much from their performance in...

Page 473: ...rvice License Agreement SLA with other DS domain owners to define the service level provided toward traffic from different domains Then each DS node in these domains will perform the priority treatment This is called per hop behavior PHB The definition of PHB includes Expedited Forwarding EF Assured Forwarding AF and Best Effort BE AF defines the four classes of delivery or forwarding classes and ...

Page 474: ...anagement menu click Sessions Limit to open the web page To activate the function of limit session simply click Enable and set the default session limit Available settings are explained as follows Item Description Session Limit Enable Click this button to activate the function of limit session Disable Click this button to close the function of limit session Default session limit Defines the defaul...

Page 475: ...ch index Add Adds the specific session limitation onto the list above Edit Allows you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Administration Message Type the words which will be displayed when reaches the maximum number of Internet sessions permitted Default Message Click this button to apply the default message offered b...

Page 476: ...ion Enable Click this button to activate the function of limit bandwidth IP Routed Subnet Check this box to apply the bandwidth limit to the second subnet specified in LAN General Setup It is available for IPv4 settings only Default TX limit Define the default speed of the upstream for each computer in LAN Default RX limit Define the default speed of the downstream for each computer in LAN Disable...

Page 477: ...t Define the limitation for the speed of the downstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index Add Add the specific speed limitation onto the list above Edit Allow you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Allow auto adjustment t...

Page 478: ...n will influence Class 1 Class2 Class 3 Others Display the bandwidth percentage for each class UDP Bandwidth Control Display the UDP bandwidth control is enabled or not Online Statistics Display an online statistics for quality of service for your reference Setup Allow to configure general QoS setting for WAN interface Class Rule Index Display the class number that you can edit Name Display the na...

Page 479: ...ly click the Edit link to access into next for configuration You can configure general setup for the WAN interface edit the Class Rule and edit the Service Type for the Class Rule for your request O On nl li in ne e S St ta at ti is st ti ic cs s Display an online statistics for quality of service for your reference This feature is available only when the Quality of Service for WAN interface is en...

Page 480: ...ck Setup link again You will see the Online Statistics link appearing on this page WAN Inbound Bandwidth It allows you to set the connecting rate of data input for other WAN For example if your ADSL supports 1M of downstream and 256K upstream please set 1000kbps for this box The default value is 10000kbps WAN Outbound Bandwidth It allows you to set the connecting rate of data output for other WAN ...

Page 481: ...bandwidth to ensure correct calculation of QoS It is suggested to set the bandwidth value for inbound outbound as 80 85 of physical network speed provided by ISP to maximize the QoS performance E Ed di it t t th he e C Cl la as ss s R Ru ul le e f fo or r Q Qo oS S 1 The first three Class 1 to Class 3 class rules can be adjusted for your necessity To add edit or delete the class rule please click ...

Page 482: ...ource address For Single Address you have to fill in Start IP address For Range Address you have to fill in Start IP address and End IP address For Subnet Address you have to fill in Start IP address and Subnet Mask DiffServ CodePoint All the packets of data will be divided with different levels and will be processed according to the level type by the system Please assign one of the levels of the ...

Page 483: ...n of that one and click Edit to open the rule edit page for modification E Ed di it t t th he e S Se er rv vi ic ce e T Ty yp pe e f fo or r C Cl la as ss s R Ru ul le e 1 To add a new service type edit or delete an existed service type please click the Edit link under Service Type field 2 After you click the Edit link you will see the following page ...

Page 484: ...fter finishing all the settings here please click OK to save the configuration By the way you can set up to 10 service types If you want to edit delete an existed service type please select the radio button of that one and click Edit Edit for modification R Re et ta ag g t th he e P Pa ac ck ke et ts s f fo or r I Id de en nt ti if fi ic ca at ti io on n Packets coming from LAN IP can be retagged ...

Page 485: ...ound Outbond bandwidth and bandwidth ratio Vigor router can perform the bandwidth management for the protocols streaming remote control web HD and so on Click Bandwidth Management APP QoS to open the following page Available settings are explained as follows Item Description Enable Disable Click Enable to activate APP QoS function Click Disable to deactivate APP QoS function Traceable The protocol...

Page 486: ... de select all of the protocols Apply to all Choose one of the actions from the drop down list It is prepared for applying to all protocols Apply Click it to make the selected action be applied all of the selected protocols immediately Action There are many protocols which can be specified with different QoS Class ...

Page 487: ...helps you to well allocate the bandwidth upon your demand of Voice Video or Data transferring Let s see how to get the optimum bandwidth per your request by using DrayTek Vigor router as below Scenario The Internet connection you got from ISP line is 2MB 512Kb There are VoIP telephony network IPTV set top box and data server at your home Assume you want to allocate 30 of the bandwidth you got to V...

Page 488: ...lick Edit to specify the local address 5 In the pop up window choose Range Address as the Address Type and type the start IP address and end IP address in relational fields Click OK to save the settings and exit the window 6 Click OK again to save the settings ...

Page 489: ...or2926 Series User s Guide 473 7 The class rule for VoIP has been set Click OK to return to previous page 8 Do the same steps to add class rules for IPTV and Data Email with IP addresses as shown below and ...

Page 490: ...e bandwidth for different groups among VoIP IPTV and Data Email 10 In the Setup page check the box of Enable the QoS Control Type 30 50 and 15 in the boxes for VoIP IPTV and Data Email respectively Check the box of Enable UDP Bandwidth Control 11 Click OK to save the settings The class rules for WAN1 are defined as shown below ...

Page 491: ...igor router at home to connect to the server in the headquarter office downtown via either HTTPS or V PN to check email and access internal database Meanwhile children may chat on Skype in the restroom 1 Go to Bandwidth Management Quality of Service 2 Click Setup link of WAN 1 2 3 4 Make sure the QoS Control on the left corner is checked And select BOTH in Direction 3 Set Inbound Outbound bandwidt...

Page 492: ...performance 4 Return to previous page Enter the Name of Index Class 1 by clicking Edit link Type the name E mail for Class 1 Click OK to save the settings 5 Click the Setup link for WAN2 The user can set reserved bandwidth e g 25 for E mail using protocol POP3 and SMTP Click OK to save the settings 6 Return to previous page Enter the Name of Index Class 2 by clicking Edit link In this index the us...

Page 493: ... Control on the bottom to prevent enormous UDP traffic influence other application Click OK 9 If the worker has connected to the headquarter using host to host VPN tunnel Please refer to Chapter 3 VPN for detail instruction he may set up an index for it Enter the ...

Page 494: ... of Index 3 In this index he will set reserved bandwidth for 1 VPN tunnel 10 Click Edit for Class 3 to open a new window In this index the user will set reserved bandwidth for VPN 11 Click Add to open the following window Check the ACT box first ...

Page 495: ...Vigor2926 Series User s Guide 479 12 Then click Edit of Local Address to set a worker s subnet address Click Edit of Remote Address to set headquarter s IP address Leave other fields and click OK ...

Page 496: ...user account Network administrator can give different firewall policies or rules for different hosts with different User Management accounts This is more flexible and convenient for network management Not only offering the basic checking for Internet access User Management also provides additional firewall rules e g CSM checking for protecting hosts Info Filter rules configured under Firewall usua...

Page 497: ...uence the contents of the filter rule s applied to every user Available settings are explained as follows Item Description Mode There are two modes offered here for you to choose Each mode will bring different filtering effect to the users involved User Based If you choose such mode the router will apply the filter rules configured in User Management User Profile to the users Rule Based If you cho...

Page 498: ... 524 352 pixel to have an image of enterprise or have the effect of advertisement Login Page Greeting Such link allows you to access into the setting page for login greeting For detailed information refer to System Maintenance Login Page Greeting Display IP Address on Check the box to display the IP address of the client on the tracking window Landing Page Type the information to be displayed on t...

Page 499: ...ofiles up to 200 which will be applied for users controlled under User Management Simply open User Management User Profile To set the user profile please click any index number link to open the following page Notice that profile 1 admin and profile 2 Dial In User are factory default settings Profile 2 is reserved for future use ...

Page 500: ... here to pass the authentication When the user passes the authentication he she can access Internet via this router However the accessing operation will be restricted with the conditions configured in this user profile The maximum length of the name you can set is 24 characters Password Type a password for such profile e g lug123 wug123 wug456 etc When a user tries to access Internet through this ...

Page 501: ...p Default If you choose such item the filter rules pre configured in Firewall can be adopted for such user profile Create New Policy If you choose such item the following page will be popped up for you to define another filter rule as a new policy For the detailed configuration simply refer to Firewall Filter Rule The firewall filter rules that are not selected in Firewall General Default rule can...

Page 502: ...r can access Internet through any browser on Windows Note that Alert Tool can be downloaded from DrayTek web site Telnet If it is selected the user can use Telnet command to perform the authentication job Landing Page When a user tries to access into the web user interface of Vigor router series with the user name and password specified in this profile he she will be lead into the web page configu...

Page 503: ...t quota automatically Set default time quota and data quota for such profile When the scheduling time is up the router will use the default quota settings automatically Enable Check it to use the default setting for time quota and data quota Default Time Quota Type the value for the time manually Default Data Quota Type the value for the data manually Internal RADIUS Check the box to enable securi...

Page 504: ...number link to open the following page Available settings are explained as follows Item Description Name Type a name for this user group Available User Objects You can gather user profiles objects from User Profile page within one user group All the available user objects that you have created will be shown in this box Notice that user object Admin and Dial In User are factory settings User define...

Page 505: ...on Refresh Seconds Use the drop down list to choose the time interval of refreshing data flow that will be done by the system automatically Refresh Click this link to refresh this page manually Index Display the number of the data flow User Display the users which connect to Vigor router currently You can click the link under the username to open the user profile setting page for that user IP Addr...

Page 506: ...lay the quota for data transmission Idle Time Display the idle timeout setting for such profile Action Block can avoid specified user accessing into Internet Unblock allow the user to access into Internet Logout the user will be logged out forcefully ...

Page 507: ...nction of User Management please make sure User Based has been selected as the Mode in the User Management General Setup page With User Management authentication function before a valid username and password have been correctly supplied a particular client will not be allowed to access Internet through the router There are three ways for authentication Web Telnet and Alert Tool A Au ut th he en nt...

Page 508: ...irst Then the client is trying to access http www draytek com and but brought to the Vigor router Since this is an SSL connection some web browsers will display warning messages With Microsoft Internet Explorer you may get the following warning message Please press Continue to this website not recommended With Mozilla Firefox you may get the following warning message Select I Understand the Risks ...

Page 509: ... appear Input the user name and the password for your account defined in User Management and click Login If the authentication is successful the client will be redirected to the original web site that he tried to access In this example it is http www draytek com Furthermore you will get a popped up window as the following Then you can access the Internet ...

Page 510: ...ion you access an external web site to trigger the authentication You may also directly access the router s Web UI for authentication Both HTTP and HTTPS are supported for example http 192 168 1 1 or https 192 168 1 1 Replace 192 168 1 1 with your router s real IP address and add the port number if the default management port has been modified If the authentication is successful you will get the W...

Page 511: ...ek com You may change it if you want For example you will get the following welcome message if you enter Login Successful in the Welcome Message table Also you will get a Tracking Window if you don t block the pop up window Don t setup a user profile in User Management and a VPN Remote Dial in user profile with the same Username Otherwise you may get unexpected result It is because the ...

Page 512: ...reate a user profile in User Management with chaochen test as username password while a VPN Remote Dial in user profile with the same username chaochen but a different password 1234 you will always get error message The username or password you entered is incorrect when you use chaochen test via Web to do authentication If SSL Tunnel or SSL Web Proxy is disabled in the VPN profile a User Managemen...

Page 513: ...ccount name for the authentication 2 Type the password for authentication and press Enter The message User login successful will be displayed with the expired time if configured Info Here expired time is Unlimited means the Time Quota function is not enabled for this account After login this account will not be expired until it is logout 3 In the Web interface of router the configuration page of T...

Page 514: ...e which means this account has no time quota If the Time Quota is enabled and time is not 0 minute You will get the following message The expired time is shown after you login After you run out the available time you can t use this account any more until the administrator manually adds additional time for you ...

Page 515: ... again Authentication via VigorPro Alert Notice Tool allows user to setup the re authentication interval so that the utility will send authentication requests periodically This will keep the client hosts from having to manually authenticate again and again The configuration of the VigorPro Alert Notice Tool is as follows 1 Click Authenticate Now to start the authentication immediately 2 You may ge...

Page 516: ...l le e 1 1 U Us se er rs s c ca an n s se ee e t th he e m me es ss sa ag ge e f fo or r l la an nd di in ng g p pa ag ge e a af ft te er r l lo og gg gi in ng g i in nt to o I In nt te er rn ne et t s su uc cc ce es ss sf fu ul ll ly y 1 Open the web user interface of Vigor2926 2 Open User Management General Setup to get the following page In the field of Landing Page please type the words of Log...

Page 517: ...ick OK to save the settings 5 Open any browser e g FireFox Internet Explorer The logging page will appear and asks for username and password Please type the correct username and password 6 Click Login If the logging is successful you will see the message of Login Success from the browser you use ...

Page 518: ...i in ng g i in nt to o I In nt te er rn ne et t s su uc cc ce es ss sf fu ul ll ly y 1 In the field of Landing Page please type the words as below body stats 1 script language javascript window location http www draytek com script body 2 Next enable the Landing Page function Open User Management User Profile and click one of the index number e g index number 3 links 3 In the following page check t...

Page 519: ...browser e g FireFox Internet Explorer The logging page will appear and asks for username and password Please type the correct username and password 5 Click Login If the logging is successful you will be directed into the website of www draytek com ...

Page 520: ...nts and promotional materials and broadcast of public service announcements W We eb b U Us se er r I In nt te er rf fa ac ce e V VI II I 4 4 1 1 P Pr ro of fi il le e S Se et tu up p Select Profile Setup to create or modify Portal profiles Up to 4 profiles can be created to meet different requirements according to LAN subnets WLAN SSIDs origin and destination IP addresses etc Available settings ar...

Page 521: ... n This mode does not perform any authentication The user will be redirected to the landing page The user can then leave the landing page to visit other websites C Cl li ic ck k t th hr ro ou ug gh h The following page will be shown to the users when they first attempt to access the Internet through the router After clicking Accept on the page users will be directed to the landing page and be gran...

Page 522: ...er to receive a PIN by SMS After they have authenticated themselves by entering the PIN they will be redirected to the landing page indicating that they have been granted Internet access S So oc ci ia al l o or r P PI IN N L Lo og gi in n This login mode presents both Social Login and PIN Code Login modes to the users and allows them to select their preferred mode of authentication ...

Page 523: ...Pr ro of fi il le e 1 1 L Lo og gi in n M Me et th ho od d Click the index link e g 1 of the selected profile to display the following page Available settings are explained as follows Item Description Enable this profile Check to enable this profile Comments Enter a brief description to identify this profile Choose Login Select the desired Login Mode ...

Page 524: ...the configuration on this page and proceed to the next page If you have chosen Skip Login as the Login Mode skip to step 4 Whitelisting below Otherwise proceed to configure the login page by following steps 2 and 3 2 2 B Ba ac ck kg gr ro ou un nd d If you have selected a Login Mode that requires authentication select a background for the login page ...

Page 525: ...Vigor2926 Series User s Guide 509 Available settings are explained as follows Item Description Choose Login Select either Color Background or Image Background as the login ...

Page 526: ...the RGB value Click Preview to preview the selected color Opacity 10 100 Available when Image Background is selected Set the opacity of the background image Background Image Available when Image Background is selected Click Browse to select an image file JPG or PNG format then click Upload to upload it to the router Save and Next Click to save the configuration on this page and proceed to the next...

Page 527: ...er the text to be displayed in the Terms and Conditions pop up window Accept Button Description Enter the text to be displayed on the accept button Accept Button Color Select the color of the accept button from the predefined color list or select Customize Color and enter the RGB value Click Preview to preview the selected color Save and Next Click to save the configuration on this page and procee...

Page 528: ... see only settings that are relevant to the selected login mode s Settings that are common to Facebook Google and PIN authentication are Item Description Welcome Message Enter the text to be displayed as the welcome message Terms and Conditions Description Enter the text to be displayed as the Terms and Conditions hyperlink text Terms and Conditions Content Enter the text to be displayed in the Te...

Page 529: ... above Refer to section A 1 How to create a Facebook App ID for Web Portal Authentication for details If you have selected Google login these settings will appear Item Description Google Login Description Enter the text to be displayed on the Google login button Google App ID Enter a valid Google app ID If you do not already have an app ID refer to section A 2 How to create a Google App ID for Web...

Page 530: ...Provider used to send PIN notifications SMS providers are configured in Objects Setting SMS Mail Service Object Enter PIN Description Enter message to be displayed in the PIN textbox to prompt the user to enter the PIN Submit Button Description Enter the text to be displayed on the submit PIN button Submit Button Color Select the color of the submit button from the predefined color list or select ...

Page 531: ...d to the next page Cancel Click to abort the configuration process and return to the profile summary page 2 2n nd d s st ta ag ge e P Pa ag ge e f fo or r P PI IN N L Lo og gi in n If you have selected PIN Login as the login mode you will also need to configure the page that is displayed to users when they request a PIN ...

Page 532: ...Item Description Back Button Description Enter text for the label of the hyperlink to return to the previous page PIN Code Message Enter text to be displayed as the body text on the page Default Country Code Select the default country code to be displayed using the dropdown menu ...

Page 533: ... summary page 4 4 W Wh hi it te el li is st t S Se et tt ti in ng g In this step you can configure the whitelist settings Users are allowed to send and receive traffic that satisfies whitelist settings Available settings are explained as follows Item Description NAT Rules To prevent web portal settings from conflicting with NAT rules resulting in unexpected behavior select the NAT rules that are a...

Page 534: ...e the configuration on this page and proceed to the next page Cancel Click to abort the configuration process and return to the profile summary page 5 5 M Mo or re e O Op pt ti io on ns s In this step you can configure advanced options for the Hotspot Web Portal ...

Page 535: ...the operating system s built in Captive Portal Detection Landing Page After Authentication Specifies the webpage that will be displayed after the user has successfully authenticated Fixed URL The user will be redirected to the specified URL This could be used for displaying advertisements to users such as guests requesting wireless Internet access in a hotel User Requested URL The user will be red...

Page 536: ...ailable settings are explained as follows Item Description Select Columns to Filter Users Simply specify the profile and the login method for filtering users who want to access Internet through the login method It is useful for system administrator to manage the user s access based on different conditions when there are a lot of users requiring to access into Internet User Table Information for th...

Page 537: ...Login Info online offline status for the device can be send on the field of Devices and historical information for device login will be shown on the field of Login History In addition to forcefully log out a selected device simply check the one you want to logout and click the Log Out Device button ...

Page 538: ...ase Clear User Info The user information will be displayed on the page of User Info You can delete the information by clicking this button Notification and Action when Storage Exceeded Notification Don t send notification Vigor router system will not send any notification to any receipient Send notification Vigor router system will not send a notification e mail to specified receipient s that sele...

Page 539: ...ument introduces how to create Facebook APP and generate the APP ID and APP secret that can be used in Web Portal setup 1 Register as FB Developer Go to https developers facebook com and login the FB account 2 Register the Facebook account as a Developer If the account has been verified previously this step can be skipped 3 Click My Apps then choose Register as Developer 4 Switch to YES then click...

Page 540: ...Vigor2926 Series User s Guide 524 6 Add a New App Click on My Apps Add a New App Choose Website platform 7 Click Skip and Create App ID on first use Type Display Name Choose Category Click Create App ID ...

Page 541: ...Vigor2926 Series User s Guide 525 8 Pops up security check window select the answer and then click Submit to finish the process ...

Page 542: ... Add Platform on My Apps Go to Settings then click Add Platform 11 Choose Website in Select Platform window 12 Enter the Site URL as http portal draytek com Note If you change http port in the vigor please add http port in URLs For example we use 8080 as http port and we ll put http portal draytek com 8080 Enter the Contact Email And click Save Change ...

Page 543: ...27 13 Set up Client OAuth Go to Settings Advanced Client OAuth Settings enter http portal draytek com in Valid OAuth redirect URIs and save changes 14 Go to My Apps Status Review and switch available status to YES to activate the APP ...

Page 544: ...Vigor2926 Series User s Guide 528 ...

Page 545: ...e LAN clients by their Google or Facebook account This document introduces how to create Facebook APP and generate the APP ID and APP secret that can be used in Web Portal setup 1 Create Developer project Go to https code google com apis console login with a Google account then click Create project Type project name then click Create 2 On Dashboard choose Use Google APIs 3 Edit Auth Consent screen...

Page 546: ...ter name Set Authorized JavaScript origins and Authorized redirect URLs as http portal draytek com and click Create Note If you change http port in the vigor please add http port in URLs For example we use 8080 as http port and we ll put http portal draytek com 8080 6 Get client ID and client secret Such information will be used in Vigor Router s Web Portal Setup page ...

Page 547: ...Vigor2926 Series User s Guide 531 ...

Page 548: ...P PN N Vigor2926 can build virtual private network VPN between itself and any other TR 069 CPE by the function of central VPN management In addition it can be treated as a server called CVM server which can manage TR 069 CPE for periodical firmware upgrade configuration backup and restoring configuration ...

Page 549: ... V VI II I 5 5 1 1 1 1 G Ge en ne er ra al l S Se et tt ti in ng gs s To enable the CVM feature the first thing you have to do is enabling CVM port or CVM SSL Port Available settings are explained as follows Item Description CVM SSL Port Check the box to enable the port setting Type the port number in the box CVM Port Check the box to enable the port setting Type the port number in the box WAN IP ...

Page 550: ...ment is operated through IPsec VPN connection Available settings are explained as follows Item Description IPsec Mode Choose Aggressive or Main as the IPsec Mode Security Method Choose one of the following methods AH or ESP for the security of data transmission For example choose AH to specify the IPsec protocol for the Authentication Header protocol The data will be authenticated but not be encry...

Page 551: ...e seen with icons from this page Before using such feature make sure the CVM port has been enabled and configured properly V VI II I 5 5 2 2 1 1 M Ma an na ag ge ed d D De ev vi ic ce e L Li is st t This page allows you to manage the CPEs connected to Vigor2926 series P Pa ag ge e w wi it th ho ou ut t C CP PE E c co on nn ne ec ct te ed d ...

Page 552: ...anaged by Vigor2926 series Edit To modify the name and location of specific CPE click the one you want and click the Edit button A pop up window will appear Simply change the name and or location manually Delete To disconnect the management of any CPE click the CPE icon you want and click the Delete button Double clicking the CPE icon also can pop up the Managed Device Detail window However you ca...

Page 553: ...splayed in such field Add Move the selected device from Unmanaged Devices List to Managed Devices List IP Address Display the IP address of the remote device Mac Address Display the MAC address of the remote device Device Model Display the model name of the remote device Description Name Define the name or type the additional description of CPE for identification in VPN management and CPE manageme...

Page 554: ...cription Refresh Click it to refresh current page USB Disk It means a USB disk connecting to Vigor2926 It means no USB disk connecting to Vigor2926 Disk Usage When a USB disk connects to Vigor2926 the disk usage and the disk capacity will be displayed in such field When there is no USB disk connecting to Vigor2926 such message will be displayed in this field Click the icon to see the content insid...

Page 555: ...backup from this CPE before Because restoring from another device s configuration file may cause serious problem e g Both devices have different ISP username password Restoring configuration from one CPE to the other will cause Internet connection not being online Available parameters are listed as follows Item Description Profile Name Type the name of the maintenance profile Enable Check it to en...

Page 556: ...e g Both devices have different ISP username password Restoring configuration from one CPE to the other will cause Internet connection not being online Firmware Upgrade It means such profile will be used for firmware upgrade File Path Click Select to locate the file you want to save restore or upgrade for CPE Index in Schedule Vigor2926 series will perform the specified action to the selected CPE ...

Page 557: ...ries User s Guide 541 V VI II I 5 5 2 2 3 3 G Go oo og gl le e M Ma ap p To display the location of the managed CPE with a bird s eye view open Central VPN Management CPE Management and click the tab of Google Map ...

Page 558: ...e VPN connection between Vigor2926 and remote CPE Type Display the dial in type and the authentication method Remote IP Display the IP address of the remote CPE and the interface Virtual Network Display the IP address and subnet mask of Vigor2926 series Tx Pkts Display the number of the transmitted packets Tx Rate Bps Display the number of the transmitted rate Rx Pkts Display the number of the rec...

Page 559: ...ity of CVM log is full the system will stop recording Always record the new event only the newest events will be recorded by the system Device Name Display the name of the managed CPE Description Name Display the brief explanation for the managed CPE Time date Display the time and date that the managed CPE scanned by Vigor2926 series Action Type Display the action that Vigor2926 series will perfor...

Page 560: ...6 series For this section we use Vigor2850 series as the example All the CPE configuration will be done through Vigor2850 series C Co on nf fi ig gu ur re e C CV VM M S Se et tt ti in ng gs s o on n V Vi ig go or r2 29 92 26 6 s se er ri ie es s 1 Access into the web user interface of Vigor2926 series 2 Open Central Management VPN General Setup 3 In the following page check the boxes for CVM Port ...

Page 561: ...xample IE Mozilla Firefox or Netscape and type http 192 168 1 1 2 Open System Maintenance TR 069 3 In the field of ACS Server type the URL IP address with port number of Vigor2926 series and type the same Username and Password defined on the page of Central VPN Management General Setup in Vigor2926 series Then click Enable for CPE Client and then click OK to save the settings 4 Open System Mainten...

Page 562: ... management access control and click OK 6 Open WAN Internet Access Use the drop down list of Access Mode on WAN1 to select MPoA RFC1483 2684 Then click Details Page 7 Click Specify an IP address Type correct WAN IP address subnet mask and gateway IP address for your CPE Then click OK ...

Page 563: ...rn to the web user interface of Vigor2926 series 2 Open Central VPN Management VPN Management Now there is one CPE displayed on the field of Unmanaged Devices List 3 Choose the one Vigor2850 from Unmanaged Devices List and click Add The following dialog will be popped up Type the name and the location of the router respectively Click OK to save the configuration 4 The selected CPE will be moved an...

Page 564: ...o or r2 29 92 26 6 s se er ri ie es s When a remote device is managed by Vigor2926 series it is easy to build VPN between these two devices 1 Access into the web user interface of Vigor2926 series 2 Open Central Management VPN CPE Management 3 Click the device icon marked with and click the PPTP IPsec button 4 Wait for a moment If VPN is built successfully related information will be displayed on ...

Page 565: ...h VPN will be generated automatically You can access into VPN and Remote Access LAN to LAN of the remote device for viewing the detailed information Note The profile name is created automatically by the system Do not modify any value in such page to avoid VPN error ...

Page 566: ...or the device e g Vigor2850 managed by Vigor2926 series Vigor2850 as an example is chosen for Vigor2926 to perform the CPE firmware upgrade remotely in this case 1 Plug in USB storage disk onto Vigor2926 series via USB interface Make sure the USB disk has been installed correctly otherwise the firmware upgrade will not be successful 2 Access into web user interface of Vigor2926 series Open Central...

Page 567: ...to perform firmware upgrade from Device Name drop down list From the Action Type choose Firmware Upgrade Type the file path of the newest firmware or click Select to locate it Specify the Schedule profile At last click OK 5 Now a new maintenance profile has been created 6 Click Now to perform the firmware upgrade immediately for Vigor2850 7 Wait for several minutes for firmware upgrade ...

Page 568: ... the managed device if the firmware upgrade is successful or not Click Managed Devices List Click the icon of Vigor2850 and click Edit and view the software version Another way to check if the firmware upgrade is completed or not simply open Central VPN Management Log Alert ...

Page 569: ...est wireless coverage will be clearly indicated through simulated signal strength A AP P M Ma ai in nt te en na an nc ce e Vigor router can execute configuration backup configuration restoration firmware upgrade and remote reboot for the APs managed by the router It is very convenient for the administrator to process maintenance without accessing into the web user interface of the access point L L...

Page 570: ...D Da as sh hb bo oa ar rd d This page shows VigorAP s information about Status Event Log Total Traffic or Station Number by displaying VigorAP icon text and histogram Just move and click your mouse cursor on Status Event Log Total Traffic or Station Number Corresponding web pages will be open immediately ...

Page 571: ... router will be displayed here IP Address Display the true IP address of the access point SSID Display the SSID configured for the access point s connected to Vigor2926 Ch Display the channel used by the access point STA List Display the number of wireless clients stations connecting to the access point In which 0 64 means that up to 64 clients are allowed to connect to the access point But now no...

Page 572: ...e Security Display the security mode selected by such wireless profile Multi SSID Enable means multiple SSIDs more than one are active Disable means only SSID1 is active WLAN ACL Display the name of the access control list Rate Ctrl Display the upload and or download transmission rate Clone It can copy settings from an existing WLAN profile to another WLAN profile First you have to check the box o...

Page 573: ...applied to the selected access point immediately Later the access point will reboot To Local WLAN Profile configured in this page is specified for VigorAP connected to Vigor router If required these settings also can be applied to Vigor router Select and check one of wireless profiles and click this button to apply the settings onto the WI Fi wireless settings configured for such Vigor router ...

Page 574: ...r s Guide 558 H Ho ow w t to o e ed di it t t th he e w wi ir re el le es ss s L LA AN N p pr ro of fi il le e 1 Check the box on the left side of the selected profile 2 Click the Edit button to display the following page ...

Page 575: ...ser s Guide 559 Info The function of Auto Provision is available for the default WLAN profile 3 After finished the general settings configuration click Next to open the following page for 2 4G wireless security settings ...

Page 576: ...bove web page configuration click Next to open the following page for 5G wireless security settings 5 When you finished the above web page configuration click Finish to exit and return to the first page The modified WLAN profile will be shown on the web page ...

Page 577: ...e Reboot can be performed to more than one AP at one time by using Vigor2926 Available settings are explained as follows Item Description Action There are four actions provided by Vigor router to manage the access points Vigor router can backup the configuration of the selected AP restore the configuration for the selected AP perform the firmware upgrade of the selected AP reboot the selected AP r...

Page 578: ... floor plan the placement with the best wireless coverage will be clearly indicated through simulated signal strength Available settings are explained as follows Item Description Set to Factory Default Click the link to clear current page configuration Profile Click the link to to view or edit the AP Map Location Display a brief description e g ground roof of the AP Map Online APs Display the numb...

Page 579: ...ilable settings are explained as follows Item Description Location Profile Name Type a name e g groudfloor for the AP map profile Upload Map Click the Select button to choose an image file only JPG and PNG are supported for floor plan Cancel Click it to cancel the configuration Next Click it to go to the next configuration page 2 Click Next The dimension page of the floor plan will be shown as fol...

Page 580: ...Drag and drop an AP icon from AP list to the map on the bottom 4 Check the box of Show AP Coverage on to determine the wireless signal Then choose 2 4GHz or 5GHz for the AP 5 Adjust the AP on the map to find out which place can have the best wireless coverage At last click Save ...

Page 581: ...ose one of the managed Access Points LAN A or LAN B daily or weekly for viewing data transmission chart Click Refresh to renew the graph at any time The horizontal axis represents time the vertical axis represents the transmission rate in kbps Info Enabling Disabling such function will also enable disable the External Devices function ...

Page 582: ...Ps will be classified with friendly APs rogue APs and unknown APs in different colors Below shows the detected APs by clicking OK Available settings are explained as follows Item Description Enable Neighbor AP Detection The access point s registered to Vigor2926 will be used to detect other access points and send the scanned results to Vigor2926 Later the scanned result ...

Page 583: ...D Display the MAC address of the detected access point Security Display the encryption mode used by the access point Signal Display the signal strength represented by percentage sent by the access point Beacon Period Display the period time of the beacon The beacon signal will be sent out periodically Last Detected Display the date and time that such access point was detected by Vigor router All t...

Page 584: ...gue APs If the selected AP shall be treated as rogue AP simply click Add to change its classification from unknown to Rogue Delete From Rogue APs If you want to change the classification of the rogue AP simply choose the one and click Delete Later the page will refresh and the one will be classified as Unknown Friendly APs If you want to change the classification of the friendly AP simply choose t...

Page 585: ... log for all of the APs managed by Vigor router will be shown on this page It is userful for troubleshooting if required V VI II I 6 6 9 9 T To ot ta al l T Tr ra af ff fi ic c Such page will display the total traffic of data receiving and data transmitting for VigorAPs managed by Vigor router ...

Page 586: ... VigorAP V VI II I 6 6 1 11 1 L Lo oa ad d B Ba al la an nc ce e The parameters configured for Load Balance can help to distribute the traffic for all of the access points registered to Vigor router Thus the bandwidth will not be occupied by certain access points Available settings are explained as follows Item Description AP Load Balance It is used to determine the operation mode when the system ...

Page 587: ...nloading Action When Threshold Exceeded Stop accepting new connections When the number of stations or the traffic reaches the threshold defined in this web page Vigor router will stop any new connection asked by other access point Dissociate existing station by longest idel time When the access point is overload e g reaching the limit of station number or limit of network traffic it will terminate...

Page 588: ...Vigor2926 Series User s Guide 572 ...

Page 589: ...the access points linked to Vigor2926 1 Open External Devices Access Point Devices Vigor2926 will detect the AP connecting to the router automatically and display as below In this case a device named with AP800_00507F6EE4980 has been detected by Vigor router 2 Click the WLAN Profile tab to get the following page Check the box of the default profile to make the Edit button be available Then click t...

Page 590: ...ssary for you to manually apply wireless profiles for APs respectively Such feature will be convenient for people who want to quickly deploy multiple Vigor APs in a large exhibition to reach the goal of plug and play and zero configuration 4 The following page allows you to modify related settings for 2 4G SSID of managed AP Make the changes you want for 2 4G SSID Click Next for next page ...

Page 591: ...o modify related settings for 5G SSID of managed AP Continue to make any changes you want After finished all of the changes simply click Finish 6 Now the AP represented with AP800_00507F6EE4980 detected by Vigor router will be applied with the settings modified by Vigor router ...

Page 592: ...at one time V VI II I 7 7 1 1 S St ta at tu us s V VI II I 7 7 1 1 1 1 S Sw wi it tc ch h S St ta at tu us s Such page displays information including Group Switch name IP address model System Up Time Port in Use Clients and Firmware Version of VigorSwitch connected to Vigor2926 series Before checking the switch status go to Central Management External Device to enable External Device Auto Discover...

Page 593: ...click the name link to access into the switch profile IP Address Display the IP address of VigorSwitch Model Display the model name of VigorSwitch System Up Time Display the time accumulated since this Vigorwitch is powered up Port in Use Display how many devices connected to VigorSwitch Clients Display the number of LAN ports used in VigorSwitch Firmware Version Display the firmware version that ...

Page 594: ...Vigor2926 Series User s Guide 578 It will be better to group VigorSwitch devices with the same model ...

Page 595: ... ch hy y Such page displays the hierarchy of VigorSwitch es managed under Vigor2926 Please note that Shutdown Port is available for LAN port of VigorSwitch connects to a LAN device When it is checked after clicking OK the network connection between that device and VigorSwitch will be terminated ...

Page 596: ...onnected VigorSwitch will have one setting profile If there are many switches connected to Vigor2926 different index number will be used to represent different VigorSwitch Name Display the user defined name of VigorSwitch Group Display the group name of VigorSwitch es IP Address Display the IP address of VigorSwitch MAC Address Display the MAC address of VigorSwitch Model Display the model name of...

Page 597: ...ld is unavailable Login Password Display the original login password for the VigorSwitch However if Group Password in Central Management Switch Group is configured with other string then such field is not allowed to type any other password And only the group password will be shown instead IP Address Display the dynamic IP address of the connected switch assigned by Vigor2926 Save Click it to save ...

Page 598: ...previously 3 Click Save to save VLAN configuration Then click Port tab to access the following page Available settings are explained as follows Item Description Description If required type a brief description to explain the device connected to VigorSwitch via the LAN port ...

Page 599: ...s can be specified here to force Vigor2926 executing specific action to VigorSwitch 4 Click OK to save the changes and then click Send to Device Settings will be sent to VigorSwitch immediately V VI II I 7 7 3 3 G Gr ro ou up p Different switches can be classified into different group s Specifc password for a group can be defined and applied to every switch uder that group Through the common passw...

Page 600: ...ng to Vigor2926 series All of the switches under the same group can be accessed into via such group password Existing Switch Display all of the VigorSwitch devices connecting to Vigor2926 Member Switch Choose the switches you want to group and click the button to move the selected devices onto the field of Member Switch Devices under Member Switch will be grouped under such group profile OK Click ...

Page 601: ...Type Four actions including configuration backup configuration restore remote reboot and factory reset are offered by Vigor2926 to perform on VigorSwitch File Path Click the button to find out the required file Select Device Existing Device Display all of the VigorSwitch devices connecting to Vigor2926 Selected Device Choose the switches you want to group and click the button to move the existing ...

Page 602: ...of abnormal condition will be recorded to the database or the system will send an alert to the specified device via e mail or SMS to warn the user V VI II I 7 7 5 5 1 1 A Al le er rt t S Se et tu up p This page is used to define the name of alert level of alert in color and determine to record the data in the database or send a notification message to the user based on the level Available settings...

Page 603: ...and log for index 2 is enabled in default Send Notification If it is checked Vigor router s system will send notification to specified phone number via SMS SMS Email Service Object Choose the SMS object which will get the SMS from Vigor router Up to 4 objects can be selected at one time V VI II I 7 7 5 5 2 2 S Sw wi it tc ch h a an nd d P Po or rt t S Se et tu up p This page defines enabling switc...

Page 604: ...dent At present Cold Start Warm Start Disconnect and Reconnect will be treated as alert events Level Specify the severity level for each incident To defined more severity level for choosing in this page simply open Central Management Switch Alert and Log and click Alert Setup Port Alert Port Available Ethernet ports for the selected VigorSwitch e g G2260 in this case will be shown on this page Eac...

Page 605: ...to four levels No Alert Minor Alert Moderate Alert and Major Alert Check the one s you want to check in Alert Logs list Type Check the type switch port of the log to be displayed in Alert Logs list Switch Switch es connecting to Vigor router will be shown in this area Click the one you need OK Click it to save the configuration Log related to the items selected above will be shown in Alert Logs li...

Page 606: ...box to make the database in USB disk to record the alert logs and traffic history Notification and Action when Storage Exceeded Notification Don t send notification No notification will be sent out when there is no capacity for storage in USB Send notification A notification will be sent out when there is no capacity for storage in USB Action Stop recording user information When the capacity of lo...

Page 607: ...Vigor2926 Series User s Guide 591 V VI II I 7 7 7 7 S Su up pp po or rt t L Li is st t This page lists all models of VigorSwitch which can be managed by Vigor2926 via Central Management Switch ...

Page 608: ... De ev vi ic ce es s Available settings are explained as follows Item Description External Device Syslog Check this box to display information of the detected device on Syslog External Device Auto Discovery Check this box to detect the external device automatically and display on this page From this web page check the box of External Device Auto Discovery Later all the available devices will be di...

Page 609: ...Vigor2926 Series User s Guide 593 When you finished the configuration click OK to save it Info Only DrayTek products can be detected by this function ...

Page 610: ...Vigor2926 Series User s Guide 594 This page is left blank ...

Page 611: ...ddress service type keyword file extension and others These pre defined objects can be applied in CSM USB device connected on Vigor router can be regarded as a server or WAN interface By way of Vigor router clients on LAN can access write and read data stored in USB storage disk with different applications ...

Page 612: ...ries User s Guide 596 V VI II II I 1 1 O Ob bj je ec ct ts s S Se et tt ti in ng gs s Define objects such as IP address service type keyword file extension and others These pre defined objects can be applied in CSM ...

Page 613: ...ed range usually will be applied in configuring router s settings therefore we can define them with objects and bind them with groups for using conveniently Later we can select that object group that can apply it For example all the IPs in the same department can be defined with an IP object a range of IP address You can set up to 192 sets of IP Objects with different conditions ...

Page 614: ...s Subnet Address Mac Address or all that IP object with the selected type will be shown on this page Set to Factory Default Clear all profiles Search Type a string of the IP object that you want to search Index Display the profile number that you can configure Name Display the name of the object profile Address Display the IP address configured for the object profile ...

Page 615: ...ownload to store the default CSM template a table without any input data to your hard disk Download Download the CSV file from Vigor router and store in your hard disk Restore IP Object Select Click it to specify a predefined CSV file Restore Import the selected CSV file onto Vigor router To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configur...

Page 616: ...object contains any IP address Select Mac Address if this object contains Mac address MAC Address Type the MAC address of the network card which will be controlled Start IP Address Type the start IP address for Single Address type End IP Address Type the end IP address if the Range Address type is selected Subnet Mask Type the subnet mask if the Subnet Address type is selected Invert Selection If ...

Page 617: ...gs are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows ...

Page 618: ...d interface chosen above will be shown in this box Selected IP Objects Click button to add the selected IP objects in this box 3 After finishing all the settings here please click OK to save the configuration V VI II II I 1 1 3 3 I IP Pv v6 6 O Ob bj je ec ct t You can set up to 64 sets of IPv6 Objects with different conditions Available settings are explained as follows Item Description Set to Fa...

Page 619: ... Address if this object contains one subnet for IPv6 address Select Any Address if this object contains any IPv6 address Select Mac Address if this object contains Mac address Mac Address Type the MAC address of the network card which will be controlled Start IP Address Type the start IP address for Single Address type Or click Select to specify an IP address End IP Address Type the end IP address...

Page 620: ...ettings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows ...

Page 621: ...6 Objects Click button to add the selected IPv6 objects in this box 3 After finishing all the settings please click OK to save the configuration V VI II II I 1 1 5 5 S Se er rv vi ic ce e T Ty yp pe e O Ob bj je ec ct t You can set up to 96 sets of Service Type Objects with different conditions Available settings are explained as follows Item Description Set to Factory Default Clear all profiles I...

Page 622: ... columns are available for TCP UDP protocol It can be ignored for other protocols The filter rule will filter out any port number when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this profile when the first and last value are the same it indicates all the ports except the port defined h...

Page 623: ...1 1 6 6 S Se er rv vi ic ce e T Ty yp pe e G Gr ro ou up p This page allows you to bind several service types into one group Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile ...

Page 624: ...ings are explained as follows Item Description Name Type a name for this profile Maximum 15 characters are allowed Available Service Type Objects All the available service objects that you have added on Objects Setting Service Type Object will be shown in this box Selected Service Type Objects Click button to add the selected IP objects in this box 3 After finishing all the settings please click O...

Page 625: ...set 200 keyword object profiles for choosing as black white list in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the object profile ...

Page 626: ... are explained as follows Item Description Name Type a name for this profile e g game Maximum 15 characters are allowed Contents Type the content for such profile For example type gambling as Contents When you browse the webpage the page with gambling information will be watched out and be passed blocked based on the configuration on Firewall settings 3 After finishing all the settings please clic...

Page 627: ...list in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page wil...

Page 628: ...lected Keyword objects in this box 3 After finishing all the settings please click OK to save the configuration V VI II II I 1 1 9 9 F Fi il le e E Ex xt te en ns si io on n O Ob bj je ec ct t This page allows you to set eight profiles which will be applied in CSM URL Content Filter All the files with the extension names specified in these profiles will be processed according to the chosen action ...

Page 629: ...ls 2 The configuration page will be shown as follows Available settings are explained as follows Item Description Profile Name Type a name for this profile The maximum length of the name you can set is 7 characters 3 Type a name for such profile and check all the items of file extension that will be processed in the router Finally click OK to save this profile ...

Page 630: ...vice Each item is explained as follows Item Description Set to Factory Default Clear all of the settings and return to factory default settings Index Display the profile number that you can configure Profile Display the name for such SMS profile SMS Provider Display the service provider which offers SMS service To set a new profile please do the steps listed below 1 Click the SMS Provider tab and ...

Page 631: ...n use to register to selected SMS provider The maximum length of the name you can set is 31 characters Password Type a password that the sender can use to register to selected SMS provider The maximum length of the password you can set is 31 characters Quota Type the number of the credit that you purchase from the service provider chosen above Note that one credit equals to one SMS text message on...

Page 632: ...to make customized SMS service The profile name for Index 9 and Index 10 are fixed You can click the number e g 9 under Index column for configuration in details Available settings are explained as follows Item Description Profile Name Display the name of this profile It cannot be modified Service Provider Type the website of the service provider Type the URL string in the box under the filed of S...

Page 633: ...he router will send out Sending Interval Type the shortest time interval for the system to send SMS After finishing all the settings here please click OK to save the configuration M Ma ai il l S Se er rv vi ic ce e O Ob bj je ec ct t This page allows you to set ten profiles which will be applied in Application SMS Mail Alert Service Each item is explained as follows Item Description Set to Factory...

Page 634: ...ype the IP address of the mail server SMTP Port Type the port number for SMTP server Sender Address Type the e mail address of the sender Use SSL Check this box to use port 465 for SMTP server for some e mail server uses https as the transmission method Authentication The mail server must be authenticated with the correct username and password to have the right of sending message out Check the box...

Page 635: ... I 1 1 1 11 1 N No ot ti if fi ic ca at ti io on n O Ob bj je ec ct t This page allows you to set ten profiles which will be applied in Application SMS Mail Alert Service You can set an object with different monitoring situation To set a new profile please do the steps listed below 1 Open Object Setting Notification Object and click the number e g 1 under Index column for configuration in details ...

Page 636: ...t is 15 characters Category Display the types that will be monitored Status Display the status for the category You can check the box to be monitored For example the check box of CPE firmware upgrade fail under the category of Central VPN Management is checked Once such profile is enabled Vigor router system will send out notification to the recipient via SMS 3 After finishing all the settings her...

Page 637: ...ble settings are explained as follows Item Description Add Click it to open the following page for adding a new string object Set to Factory Default Click it to clear all of the settings in this page Index Display the number link of the string profile String Display the string defined Clear Choose the string that you want to remove Then click this check box to delete the selected string Below show...

Page 638: ...cked by the Vigor router s Firewall The country object by grouping IP addresses for multiple countries can be applied by other functions such as router policy destination refer to the following figure for example To set a new profile please do the steps listed below 1 Open Object Setting Country Object and click the number e g 1 under Index column for configuration in details ...

Page 639: ...em Description Name Type a name for such profile The maximum length of the name you can set is 15 characters Countries Check the box es for the country countries to be blocked by Firewall Note that one country profile can contain 1 up to 16 countries 3 After finishing all the settings here please click OK to save the configuration ...

Page 640: ... Log into the web user interface of Vigor router 2 Configure relational objects first Open Object Settings SMS Mail Server Object to get the following page Index 1 to Index 8 allows you to choose the built in SMS service provider If the SMS service provider is not on the list you can configure Index 9 and Index 10 to add the new service provider to Vigor router 3 Choose any index number e g Index ...

Page 641: ...rofile setting 5 Open Object Settings Notification Object to configure the event conditions of the notification 6 Choose any index number e g Index 1 in this case to configure conditions for sending the SMS In the following page type the name of the profile and check the Disconnected and Reconnected boxes for WAN to work in concert with the topic of this paper ...

Page 642: ...o choose SMS Provider and the Notify Profile specify the time of sending SMS Then type the phone number in the field of Recipient the one who will receive the SMS 9 Click OK to save the settings Later if one of the WAN connections fails in your router the system will send out SMS to the phone number specified If the router has only one WAN interface the system will send out SMS to the phone number...

Page 643: ...S P Pr ro ov vi id de er r Choose one of the Index numbers 9 or 10 allowing you to customize the SMS Provider In the web page type the URL string of the SMS provider and type the username and password After clicking OK the new added SMS provider will be added and will be available for you to specify for sending SMS out ...

Page 644: ...n USB Application you can type the IP address of the Vigor router and username password created in USB Application USB User Management on the client software Then the client can use the FTP site USB storage disk or share the SMB service through Vigor router Info USB ports on Vigor router are allowed to connect to USB modem Models of the modems supported by Vigor router can be seen from USB Applica...

Page 645: ...he USB storage disk into the Vigor router please make sure the memory format for the USB storage disk is FAT16 or FAT32 It is recommended for you to use FAT32 for viewing the filename completely FAT16 cannot support long filename Available settings are explained as follows Item Description General Settings Simultaneous FTP Connections This field is used to specify the quantity of the FTP sessions ...

Page 646: ...ters Both them cannot contain any of the following Workgroup Name Type a name for the workgroup Host Name Type the host name for the router Printer Server Enable Click it to make Vigor router act as a printer server with USB printer attached After finishing all the settings here please click OK to save the configuration V VI II II I 2 2 2 2 U US SB B U Us se er r M Ma an na ag ge em me en nt t Thi...

Page 647: ...ed for FTP firmware upgrade usage Note FTP Passive mode is not supported by Vigor Router Please disable the mode on the FTP client Password Type the password for FTP SMB users for accessing FTP server Later you can open FTP client software and type the password specified here for accessing into USB storage disk The length of the password is limited to 11 characters Confirm Password Type the passwo...

Page 648: ...ou have to insert a USB storage disk into the USB interface of the Vigor router Otherwise you cannot save the configuration V VI II II I 2 2 3 3 F Fi il le e E Ex xp pl lo or re er r File Explorer offers an easy way for users to view and manage the content of USB storage disk connected on Vigor router Available settings are explained as follows Item Description Refresh Click this icon to refresh f...

Page 649: ...irst And then remove the USB device later Available settings are explained as follows Item Description Connection Status If there is no USB device connected to Vigor router No Disk Connected will be shown here Disk Capacity It displays the total capacity of the USB storage disk Free Capacity It displays the free space of the USB storage disk Click Refresh at any time to get new status for free cap...

Page 650: ...a communications room is overheating During summer in particular it is important to ensure that your server or data communications equipment are not overheating due to cooling system failures The inclusion of a USB thermometer in compatible Vigor routers will continuously monitor the temperature of its environment When a pre determined threshold is reached you will be alerted by either an email or...

Page 651: ...it Choose the display unit of the temperature There are two types for you to choose Alarm Settings Enable Syslog Alarm The temperature log will be recorded on Syslog if it is enabled Upper temperature limit Lower temperature limit Type the upper limit and lower limit for the system to send out temperature alert T Te em mp pe er ra at tu ur re e C Ch ha ar rt t Below shows an example of temperature...

Page 652: ...es User s Guide 636 V VI II II I 2 2 6 6 M Mo od de em m S Su up pp po or rt t L Li is st t Such page provides the information about the brand name and model name of the USB modems which are supported by Vigor router ...

Page 653: ...Guide 637 V VI II II I 2 2 7 7 S SM MB B C Cl li ie en nt t S Su up pp po or rt t L Li is st t SMB Client Support List provides the test status information for applications with file sharing operated under different platforms ...

Page 654: ...g USB Applicaiton File Explorer If it is necessary for you to delete copy files on the device or write paste files to the devcie it must be done through SMB server or FTP server SMB service is based on the original USB FTP service You will need to setup USB FTP first We would like to give brief instructions on USB FTP setup here 1 Plug the USB device to the USB port on the router Make sure Disk Co...

Page 655: ...B User Management Click Enable to enable FTP SMB User account Here we add a new account user1 and assign authorities Read Write and List to it 4 Click OK to save the configuration 5 Make sure the FTP service is running properly Please open a browser and type ftp 192 168 1 1 Use the account user1 to login ...

Page 656: ...USB Application USB Disk Status The information for FTP server will be shown as below Now users in LAN of Vigor2926 can access into the USB storage device by typing ftp 192 168 1 1 on any browser They can add or remove files directories depending on the Access Rule for FTP account settings in USB Application USB User Management ...

Page 657: ...de 641 P Pa ar rt t I IX X T Tr ro ou ub bl le es sh ho oo ot ti in ng g This part will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration ...

Page 658: ... to check your basic installation status stage by stage Checking if the hardware status is OK or not Checking if the network connection settings on your computer are OK or not Pinging the router from your computer Checking if the ISP settings are OK or not Backing to factory default setting if necessary If all above stages are done and the router still cannot run normally it is the time for you to...

Page 659: ... 1 1 D Di ia al l o ou ut t T Tr ri ig gg ge er ri in ng g Click Diagnostics and click Dial out Triggering to open the web page The internet connection e g PPPoE is triggered by a package sending from the source IP address Available settings are explained as follows Item Description Decoded Format It shows the source IP address local destination IP remote address the protocol and length of the pac...

Page 660: ...s Guide 644 I IX X 1 1 2 2 R Ro ou ut ti in ng g T Ta ab bl le e Click Diagnostics and click Routing Table to open the web page Available settings are explained as follows Item Description Refresh Click it to reload the page ...

Page 661: ...ess Resolution Protocol cache held in the router The table shows a mapping between an Ethernet hardware address MAC Address and an IP address Available settings are explained as follows Item Description Show Specify LAN and VLAN to display related information In default this page will display all of the information about LAN and VLAN Refresh Click it to reload the page ...

Page 662: ...ng between an Ethernet hardware address MAC Address and an IPv6 address This information is helpful in diagnosing network problems such as IP address conflicts etc Click Diagnostics and click IPv6 Neighbour Table to open the web page Available settings are explained as follows Item Description Refresh Click it to reload the page ...

Page 663: ... Table to open the web page Available settings are explained as follows Item Description Index It displays the connection item number IP Address It displays the IP address assigned by this router for specified PC MAC Address It displays the MAC address for the specified PC that DHCP assigned IP address for it Leased Time It displays the leased time of the specified PC HOST ID It displays the host ...

Page 664: ...e settings are explained as follows Item Description Private IP Port It indicates the source IP address and port of local PC Pseudo Port It indicates the temporary port of the router used for NAT Peer IP Port It indicates the destination IP address and port of remote host Interface It displays the representing number for different interface Refresh Click it to reload the page ...

Page 665: ... displayed on Diagnostics DNS Cache Table Available settings are explained as follows Item Description Clear Click this link to remove the result on the window Refresh Click it to reload the page When an entry s TTL is larger than Check the box the type the value of TTL time to live for each entry Click OK to enable such function It means when the TTL value of each DNS query reaches the threshold ...

Page 666: ... Diagnostics and click Ping Diagnosis to open the web page or Available settings are explained as follows Item Description IPV4 IPV6 Choose the interface for such function Ping through Use the drop down list to choose the WAN LTE interface that you want to ping through or choose Unspecified to be ...

Page 667: ...ve the result on the window I IX X 1 1 9 9 D Da at ta a F Fl lo ow w M Mo on ni it to or r This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds The IP address listed here is configured in Bandwidth Management You have to enable IP bandwidth limit and IP session limit before invoking Data Flow Monitor If not a notification di...

Page 668: ... the system automatically Refresh Click this link to refresh this page manually Index Display the number of the data flow IP Address Display the IP address of the monitored device TX rate kbps Display the transmission speed of the monitored device RX rate kbps Display the receiving speed of the monitored device Sessions Display the session number that you specified in Limit Session web page Action...

Page 669: ...oS Use the drop down list to change the priority in data transmission for the specified IP address host Current Peak Speed Current means current transmission rate and receiving rate for WAN interface Peak means the highest peak value detected by the router in data transmission Speed means line speed specified in WAN General Setup If you do not specify any rate at that page here will display Auto f...

Page 670: ...Reset to zero the accumulated RX TX received and transmitted data of WAN Click Refresh to renew the graph at any time The horizontal axis represents time Yet the vertical axis has different meanings For WAN1 WAN2 WAN3 LTE WAN4 Bandwidth chart the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past For Sessions chart the numbers displayed on ...

Page 671: ...Vigor2926 Series User s Guide 655 I IX X 1 1 1 11 1 V VP PN N G Gr ra ap ph h Click Diagnostics and click VPN Graph to open the web page ...

Page 672: ...he routes from router to the host Simply type the IP address of the host in the box and click Run The result of route trace will be shown on the screen or Available settings are explained as follows Item Description IPv4 IPv6 Click one of them to display corresponding information for it Trace through Use the drop down list to choose the interface that you want to ping through ...

Page 673: ...lo or re er r Such page provides real time syslog and displays the information on the screen F Fo or r W We eb b S Sy ys sl lo og g This page displays the time and message for User Firewall call WAN VPN settings You can check Enable Web Syslog specify the type of Syslog and choose the display mode you want Later the event of Syslog with specified type will be shown for your reference Available set...

Page 674: ...e of the event occurred Message Display the information for each event F Fo or r U US SB B S Sy ys sl lo og g This page displays the syslog recorded on the USB storage disk Available settings are explained as follows Item Description Time Display the time of the event occurred Log Type Display the type of the record Message Display the information for each event I IX X 1 1 1 14 4 I IP Pv v6 6 T TS...

Page 675: ...formation of the router status will be displayed Vigor routers with the following condtions will be treated as the same DARP group HA enabled the same Redundancy method the same Group ID the same Authentication Key the same Management Interface Open Diagnostics High Availablity Status Available settings are explained as follows Item Description Details Back Details Click it to display detailed sta...

Page 676: ...rmined yet DARP is negotiating YES means the primary router is determined WAN At Least One UP means that at least one WAN interface connects to Internet All WANs Down means that no WAN interface connects to Internet Config Sync Status Not Ready means configuration synchronization is unable to execute or configuration synchronization is disabled or synchronization initialization executes but fails ...

Page 677: ...Vigor2926 Series User s Guide 661 Cick the link of Status Router Name IPv4 or Details the following page will be displayed on the screen ...

Page 678: ...on n L Lo og g This page will display the complete authentication log information Available settings are explained as follows Item Description Enable Check the box to enable such function Refresh Click it to update current page Clear Click it to remove all of the records Syslog Type Specify RADIUS 802 1X or All to display related authentication information log Display Mode Choose the mode you want...

Page 679: ...ronment to find out if there is any abnormal connection Information of IP traced and destination port used for SYN Flood UDP Flood and ICMP Flood attacks will be detected and shown respectively on different pages Moreover IP address detected and suspected to attack the network system can be blocked shortly by clicking the Block button shown on pages of SYN Flood UDP Flood and ICMP Flood Info The i...

Page 680: ...e following web page will be blocked forever Available settings are explained as follows Item Description Blocking IP Type the IP address in this field and click add It will be added to the IP List and appear in the right frame IP list in the right frame will be blocked by Vigor system permanatly Remove It is used to remove selected IP address from the Blocking IP List Refresh Click this link to r...

Page 681: ...Vigor router analyze how multiple packets in a specified file will be sent by a route policy Packet Information Specify the nature of the packets to be analyzed by Vigor router ICMP UDP TCP ANY Specify a protocol for diagnosis Src IP Type an IP address as the source IP Dst IP Type an IP address as the destination IP Dst Port Use the drop down list to specify the destination port Analyze Click it t...

Page 682: ...b of analyzing The analyzed result will be shown on the page If required click export analysis to export the result as a file Note that the analysis was based on the current load balance route policy settings we do not guarantee it will be 100 the same as the real case ...

Page 683: ...e hardware status 1 Check the power line and WLAN LAN cable connections Refer to I 2 Hardware Installation for details 2 Turn on the router Make sure the ACT LED blink once per second and the correspondent LAN LED is bright 3 If not it means that there is something wrong with the hardware status Simply back to I 2 Hardware Installation to execute the hardware installation again And then try again ...

Page 684: ... link is stilled failed please do the steps listed below to make sure the network connection settings is OK F Fo or r W Wi in nd do ow ws s Info The example is based on Windows 7 As to the examples for other operation systems please refer to the similar steps or find support notes in www DrayTek com 1 Open All Programs Getting Started Control Panel Click Network and Sharing Center 2 In the followi...

Page 685: ...or2926 Series User s Guide 669 4 Select Internet Protocol Version 4 TCP IP and then click Properties 5 Select Obtain an IP address automatically and Obtain DNS server address automatically Finally click OK ...

Page 686: ...uide 670 F Fo or r M Ma ac c O OS S 1 Double click on the current used Mac OS on the desktop 2 Open the Application folder and get into Network 3 On the Network screen select Using DHCP from the drop down list of Configure IPv4 ...

Page 687: ...the router correctly F Fo or r W Wi in nd do ow ws s 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista 7 The DOS command dialog will appear 3 Type ping 192 168 1 1 and press Enter If the link is OK the line of Reply from 192 168 1 1 bytes 32 time 1ms TTL 255 will appear 4 If the line does not appear please check the IP addr...

Page 688: ...Vigor2926 Series User s Guide 672 ...

Page 689: ...red in Vigor router Check if the LEDs on Vigor router are on or not If not please install an additional switch for connecting both Vigor router and the modem offered by ISP Then check if the LEDs on Vigor router are on or not If the problem of LEDs cannot be solved by the above measures please contact with the nearest reseller or send an e mail to DrayTek FAE for technical support Check if the set...

Page 690: ... c co on nn ne ec ct ti io on n d do oe es s n no ot t w wo or rk k Check the PIN Code of SIM card is disabled or not Please use the utility of 3G 4G USB Modem to disable PIN code and try again If it still fails it might be the compliance problem of system Please open DrayTek Syslog Tool to capture the connection information WAN Log and send the page similar to the following graphic to the service...

Page 691: ...g The password of factory default is null S So of ft tw wa ar re e R Re es se et t You can reset the router to factory default via Web page Such function is available in Admin Mode only Go to System Maintenance and choose Reboot System on the web page The following screen will appear Choose Using factory default configuration and click Reboot Now After few seconds the router will return all the se...

Page 692: ...Vigor2926 Series User s Guide 676 After restore the factory default setting you can configure the settings for the router again to fit your personal request ...

Page 693: ... Co on nt ta ac ct ti in ng g D Dr ra ay yT Te ek k If the router still cannot work correctly after trying many efforts please contact your dealer for further help right away For any questions please feel free to send e mail to support DrayTek com ...

Page 694: ...the difficulty is how to handle the traffics between two or more Ethernet switches Thus VLAN is suitable for some circumstances for example the rental apartment SOHO office and so on These clients may need two or three isolated networks only and setup a network in a simple way T Ta ag g b ba as se ed d The idea of tag based VLAN is to identify a virtual LAN with a specific ID therefore VLAN ID int...

Page 695: ... packet as the VID of Trunk port while forwarding the packets to another switch Bridge mode of WAN P1 and P2 are doing NAT flow to access to the internet but P3 and P4 will forward the packets between WAN and LAN ports directly W We eb b U Us se er r I In nt te er rf fa ac ce e So far there are two kinds of open system on Vigor router One is DrayOS which is DrayTek owned and another is Linux like ...

Page 696: ...Vigor2926 Series User s Guide 680 ...

Page 697: ...Vigor2926 Series User s Guide 681 LAN V VL LA AN N a ap pp pl li ic ca at ti io on ns s o on n V Vi ig go or r r ro ou ut te er r Multi Subnet VLAN of LAN ...

Page 698: ...rver LAN1 LAN2 LAN3 LAN4 However the traffics of the LAN port or SSID that are NOT being grouped in the same VLAN are unable to forward to each other The benefit of Port based is able to extend the wired ports by installing a cheaper dumb switch as many as you need but Tag based offers you a flexible and well managed network The networks are isolated secured and reduce the broadcasting storm effec...

Page 699: ...e to be isolated from your private network due to the security considerations it can be done by above settings However a switch support VLAN function is need if VLAN Tag enabled Triple Play Multi WAN NAT mode with VLAN Following settings the set top box STB is able to attach with any LAN port Video streaming which your ISP provided will be played on your monitor ...

Page 700: ...Vigor2926 Series User s Guide 684 ...

Page 701: ...idge mode with VLAN Set top box STB or the other kinds of media devices are able to attach with Port4 or Port5 of LAN Those devices that attached with Port4 or Port5 are able to access the services network directly which your ISP provided ...

Page 702: ...Vigor2926 Series User s Guide 686 This page is left blank ...

Page 703: ...Vigor2926 Series User s Guide 687 P Pa ar rt t X X T Te el ln ne et t C Co om mm ma an nd ds s ...

Page 704: ...e Windows Features of Telnet Client has been turned on under Control Panel Programs Type cmd and press Enter The Telnet terminal will be open later In the following window type Telnet 192 168 1 1 as below and press Enter Note that the IP address in the example is the default address of the router If you have changed the default enter the current IP address of the router Next type admin admin for A...

Page 705: ...uide 689 For users using previous Windows system e g 2000 XP simply click Start Run and type Telnet 192 168 1 1 in the Open box as below Next type admin admin for Account Password And type to get a list of valid common commands ...

Page 706: ...Vigor2926 Series User s Guide 690 ...

Page 707: ...a enable 1 0 to enable disable this entry n UserName contact UserName max 24 characters p PassWord contact PassWord max 24 characters s select It means to specify an IP address for Server 0 no selection 1 NSW 61 9 192 13 2 QLD 61 9 208 13 3 VIC 61 9 128 13 4 SA 61 9 224 13 5 WA 61 9 240 13 l List List all settings configured E Ex xa am mp pl le e bpa 1 a 1 n testUser p testPassword s 4 bpa l index...

Page 708: ... appe prof i 1 n games The name of APPE Profile 1 was setted T Te el ln ne et t C Co om mm ma an nd d c cs sm m a ap pp pe e s se et t It is used to configure group settings for IM P2P Protocol and Others in APP Enforcement Profile csm appe set i INDEX v GROUP e AP_IDX d AP_IDX S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description INDEX Specify the index number of CSM profile ...

Page 709: ...FTP PROTOCOL 55 HTTP 1 1 PROTOCOL 56 IMAP 4 1 PROTOCOL 57 IMAP STARTTLS 4 1 PROTOCOL 58 IRC 2 4 0 T Te el ln ne et t C Co om mm ma an nd d c cs sm m a ap pp pe e c co on nf fi ig g It is used to display the configuration status enabled or disabled for IM P2P Protocol Other applications csm appe config v INDEX i p t m S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description INDEX ...

Page 710: ...ma an nd d c cs sm m a ap pp pe e i in nt te er rf fa ac ce e It is used to configure APPE signature download interface csm appe interface AUTO WAN S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n P Pa ar ra am me et te er r D De es sc cr ri ip pt ti io on n AUTO Vigor router specifies WAN interface automatically WAN Specify the WAN interface for signature downloading E Ex xa am mp pl le e csm...

Page 711: ... filter profile S Sy yn nt ta ax x csm ucf show csm ucf setdefault csm ucf msg MSG csm ucf obj INDEX n PROFILE_NAME l P B A N uac wf csm ucf obj INDEX n PROFILE_NAME csm ucf obj INDEX p VALUE csm ucf obj INDEX l P B A N csm ucf obj INDEX uac csm ucf obj INDEX wf S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n P Pa ar ra am me et te er r D De es sc cr ri ip pt ti io on n show It means to displ...

Page 712: ... Name game Log none Priority Select Bundle Pass Enable URL Access Control Action pass Prevent web access from IP address No Obj NO Object Name No Grp NO Group Name T Te el ln ne et t C Co om mm ma an nd d c cs sm m u uc cf f o ob bj j I IN ND DE EX X u ua ac c It means to configure the settings regarding to URL Access Control uac S Sy yn nt ta ax x csm ucf obj INDEX uac v csm ucf obj INDEX uac e c...

Page 713: ...m any IP address will be blocked D Disable the function o Set the keyword object KEY_WORD_Object_Index Specify the index number of the object profile g Set the keyword group KEY_WORD_Group_Index Specify the index number of the group profile E Ex xa am mp pl le e csm ucf obj 1 uac i E Profile Index 1 Profile Name game Log none Priority Select Bundle Pass Enable URL Access Control Action pass v Prev...

Page 714: ...CSM profile e It means to enable the restriction of web feature d It means to disable the restriction of web feature a Set the action of web feature P or B B Block The web access meets the web feature will be blocked P Pass The web access meets the web feature will be passed s It means to enable the the Web Feature configuration Features available for configuration are c Cookie p Proxy u Upload u ...

Page 715: ... Description show It means to display the web content filter profiles Look It means to display the license information of WCF Cache It means to set the cache level for the profile Server WCF_SERVER It means to set web content filter server Msg MSG It means de set the administration message MSG means the content less than 255 characters of the message itself setdefault It means to return to default...

Page 716: ...eranc Illegal Drug Nudity Pornography Sexually Explicit Weapons Violence School Cheating Sex Education Tasteless Child Abuse Imges Entertainment Games Sports Travel Leisure Recreation Fashin Beauty Business Job Search Web based Emai Chat Instant Messaging Anonymizers Forums Newsgroups Computers Technology Download Sites Streaming Media Downloads Phishing Fraud Search Engines Portals Social Network...

Page 717: ... v Tasteless v Child Abuse Images leisure Group Entertainment Games Sports Travel Leisure Recreation Fashion Beauty T Te el ln ne et t C Co om mm ma an nd d c cs sm m d dn ns sf f It means to configure the settings regarding to DNS filter csm dnsf enable ON OFF csm dnsf syslog N P B A csm dnsf service WCF_PROFILE csm dnsf service_ucf UCF_PROFILE csm dnsf time CACHE_TIME csm dnsf blockpage show on ...

Page 718: ...ockpage DNS sends block page for redirect port When a web page is blocked by DNS filter the router system will send a message page to describe that the page is not allowed to be visisted ON Enable the function of displaying message page OFF Disable the function of displaying message page SHOW Display the function of displaying message page is ON or OFF profile_show Display the table of the DNS fil...

Page 719: ...count index S service provider T service type D hostname L username P password S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description i value It means index number of Dynamic DNS Account value 1 6 E value It means to enable disable Dynamic DNS Account value 0 Disable 1 Enable W value It means to specify WAN Interface value Must be between 1 8 1 WAN1 First 2 WAN1 Only 3 WAN2 Fir...

Page 720: ...oneEdit DDNS dynamic zoneedit com T value It means to type Servive Type value value must be between 1 3 1 Dynamic 2 Custom 3 Static D Host Name sub Domain Name It means to type Domain Name i e Account index 1 setting Domain Name for Dynamic Service Type ddns set i 1 T 1 D host ddns com cn i e Account index 2 setting Domain Name for Custom Service Type ddns set i 2 T 2 D domain name i e Account ind...

Page 721: ...4400 E Ex xa am mp pl le e ddns time ddns time update in minutes Valid 1 1440 Now 1440 ddns time 1000 ddns time update in minutes Valid 1 1440 Now 1000 T Te el ln ne et t C Co om mm ma an nd d d dd dn ns s f fo or rc ce eu up pd da at te e This command will update DDNS automatically E Ex xa am mp pl le e ddns forceupdate Now updating DDNS Please check result by using command ddns log T Te el ln ne...

Page 722: ...a ax x dos V D A dos s ATTACK_F THRESHOLD TIMEOUT dos a e ATTACK_F ATTACK_0 d ATTACK_F ATTACK_0 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description V It means to view the configuration of DoS defense system D It means to deactivate the DoS defense system A It means to activate the DoS defense system s It means to enable the defense function for a specific attack and set its ...

Page 723: ...ommand parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description W n W means to select WAN interface n 1 WAN1 2 WAN2 x WANx Default is WAN1 M n M means to set Internet Access Mode Mandatory and n means different modes represented by 0 7 A B n 0 Offline n 1 PPPoE n 2 Dynamic IP n 3 Static IP n 4 PPTP with Dynamic IP n 5 PPTP with Static IP n 6 L2TP with Dynamic IP n 7 L2T...

Page 724: ...e 0 When any WAN disconnect 1 When all WAN disconnect V It means to view Internet Access profile C sim pin code Set PPP mode SIM PIN code max 15 characters for 3G 4G USB Modem O init string Set PPP mode Modem Initial String max 47 characters for 3G 4G USB Modem T init string2 Set PPP mode Modem Initial String2 max 47 characters for 3G 4G USB Modem D dial string Set PPP mode Modem Dial String max 3...

Page 725: ... WAN1 Idle timeout set to always on WAN1 Gateway IP set to 0 0 0 0 internet V WAN1 Internet Mode PPPoE ISP Name tcom Username username Authentication PAP CHAP Idle Timeout 1 WAN IP Dynamic IP internet M 1 u link1 p link1 a 0 WAN1 Internet Mode set to PPPoE PPPoA WAN1 Username set to link1 WAN1 Password set successful WAN1 PPP Authentication Type set to PAP CHAP T Te el ln ne et t C Co om mm ma an ...

Page 726: ... 1 ip pubaddr 192 168 2 5 Set public subnet IP address done T Te el ln ne et t C Co om mm ma an nd d i ip p p pu ub bm ma as sk k This command allows users to set the mask for IP routed subnet of your router S Sy yn nt ta ax x ip pubmask ip pubmask public subnet mask S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Display an IP address which allows users set as the publi...

Page 727: ... aux add IP Join to NAT Pool ip aux remove Index Where IP Auxiliary WAN IP Address Join to NAT Pool 0 or 1 Index The Index number of table Now auxiliary WAN1 IP Address table Index no Status IP address NAT IP pool 1 Disable 0 0 0 0 Yes 2 Enable 192 168 1 65 Yes When you type ip aux the current auxiliary WAN IP Address table will be shown as the following Index no Status IP address IP pool 1 Enable...

Page 728: ... nmask 255 255 0 0 Set IP netmask OK T Te el ln ne et t C Co om mm ma an nd d i ip p a ar rp p ARP displays the matching condition for IP and MAC address S Sy yn nt ta ax x ip arp add IP address MAC address LAN or WAN ip arp del IP address LAN or WAN ip arp flush ip arp status ip arp accept 0 1 2 3 4 5 status ip arp setCacheLife time In which arp add allows users to add a new IP address into the A...

Page 729: ...sable Accept illegal dest mac arp disable Accept VRRP mac into arp table disable ip arp status ARP Table Index IP Address MAC Address Netbios Name 1 192 168 1 113 00 05 5D E4 D8 EE A1000351 T Te el ln ne et t C Co om mm ma an nd d i ip p d dh hc cp pc c This command is available for WAN DHCP S Sy yn nt ta ax x ip dhcpc option ip dhcpc option h l ip dhcpc option d idx ip dhcpc option e 1 or 0 w wan...

Page 730: ...59200 Leased Time T1 129600 Leased Time T2 226800 Leased Elapsed 259194 Leased Elapsed T1 129594 Leased Elapsed T2 226794 T Te el ln ne et t C Co om mm ma an nd d i ip p p pi in ng g This command allows users to ping IP address of WAN1 WAN2 PVC3 PVC4 PVC5 for verifying if the WAN connection is OK or not S Sy yn nt ta ax x ip ping IP address WAN1 PVC3 PVC4 PVC5 S Sy yn nt ta ax x D De es sc cr ri i...

Page 731: ...16 3 7 10ms 2 172 16 1 2 10ms 3 Request Time out 4 168 95 90 66 50ms 5 211 22 38 134 50ms 6 220 128 2 62 50ms Trace complete T Te el ln ne et t C Co om mm ma an nd d i ip p t te el ln ne et t This command allows users to access specified device by telnet S Sy yn nt ta ax x ip telnet IP address Port S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description IP address Type the WAN o...

Page 732: ...Vigor2926 Series User s Guide 716 Parameter Description 0 1 2 0 means disable 1 means first subnet and 2 means second subnet E Ex xa am mp pl le e ip rip 1 Set RIP 1st subnet ...

Page 733: ...tting for specified WAN interface 1 Enable the function of setting RIP of WAN IP 0 Disable the function E Ex xa am mp pl le e ip wanrip Valid ex ip wanrip ifno e 0 1 ifno 1 WAN1 2 WAN2 3 PVC3 4 PVC4 5 PVC5 e 0 1 0 disable 1 enable Now status WAN 1 Rip Protocol disable WAN 2 Rip Protocol disable WAN 3 Rip Protocol disable WAN 4 Rip Protocol disable WAN 5 Rip Protocol disable ip wanrip 5 e 1 ip wanr...

Page 734: ...address of the destination netmask It means the netmask of the specified IP address gateway It means the gateway of the connected router ifno It means the connection interface 3 WAN1 5 WAN3 6 WAN4 7 WAN5 However WAN3 WAN4 WAN5 are router borne WANs rtype It means the type of the route default default route static static route cnc It means current IP range for CNC Network default Set WAN1 WAN2 off ...

Page 735: ...ation of the T_home service query It means to set IGMP general query interval The default value is 125000 ms ppp 0 No need to set IGMP with PPP header 1 Set IGMP with PPP header status It means to display current status for proxy server E Ex xa am mp pl le e ip igmp t_home on T Home Setting T Home Service is turned on WAN1 Enabled connection type PPPoE without tag for ADSL WAN5 Enabled connection ...

Page 736: ...eave status On enable the IGMP snoop leave checking function Off it will drop LEAVE if still clients on the same group separate It means to set IGMP packets being separated by NAT Bridge On The packets will be separated Off The packets will not be separated by NAT Bridge portchk It means to perform LAN port checking for IGMP packets On Perform the LAN port checking Off No perform the LAN port chec...

Page 737: ...le status IGMP Snooping is Enabled ip igmp_fl enable ip igmp_fl enable disable status IGMP Fast Leave is Enabled ip igmp_fl status ip igmp_fl enable disable status IGMP Fast Leave is Disabled T Te el ln ne et t C Co om mm ma an nd d i ip p d dm mz z Specify MAC address of certain device as the DMZ host S Sy yn nt ta ax x ip dmz mac S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Des...

Page 738: ...sion status ip session show ip session timer num ip session block unblock IP ip session add del IP1 IP2 num p2pnum S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on It means to turn on session limit for each IP off It means to turn off session limit for each IP default num It means to set the default number of session num limit Defautlp2p num It means to set the default...

Page 739: ...ault tx_rate rx_rate ip bandwidth status ip bandwidth show ip bandwidth add del IP1 IP2 tx rx shared S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on It means to turn on the IP bandwidth limit off It means to turn off the IP bandwidth limit default tx_rate rx_rate It means to set default tx and rx rate of bandwidth limit The range is from 0 65535 Kpbs status It means t...

Page 740: ...policy Even the IP is not in the policy table it can still access into network off It means to turn off all the bindmac policy strict_on It means that only those IP address in IP bindmac policy table can access into network show It means to display the IP address and MAC address of the pair of binded one add It means to add one ip bindmac del It means to delete one ip bindmac IP It means to type t...

Page 741: ... hold value It means to set the time interval to determine the peer is dead when the router is unable to receive any keepalive message from the peer within the time value Available number is between 10 and 65535 unit second The default is 180 seconds retry value It means to set a period of time to reconnect if the router fails to connect to the neighboring router value Available number is between ...

Page 742: ...for all neighboring routers static sidx ip netmask It means to configure the neighboring router s for exchanging the routing information with the local router sidx Available profile number is between 1 and 6 ip Type the IP address e g 100 100 100 200 netmask Type the subnet mask for the neighboring router e g 255 255 255 0 static sidx delete It means to delete static network settings for neighbori...

Page 743: ... in several commands in one line General Setup for Policy Route i value Specify an index number for setting policy route profile Value 1 to 60 1 means to get a free policy index automatically e 0 1 0 Disable the selected policy route profile 1 Enable the selected policy route profile o value Determine the operation of the policy route Value add Create a new policy rotue profile del Remove an exist...

Page 744: ...number 0 250 The default value is 150 I value Indicate the interface specified for the policy route profile Value Available interfaces include LAN1 LAN8 IP_Routed_Subnet DMZ_Subnet WAN1 WAN5 VPN_PROFILE_1 VPN_PROFILE_100 WAN_1_IP_ALIAS_1 WAN_4_IP_ALIAS_8 g value Indicate the gateway IP address Value The type format shall be xxx xxx xxx xxx e g 192 168 3 1 l value Indicate the failover IP address V...

Page 745: ... packet was dropped because the send to interface of the mat ched policy policy 1 was inactive and there was no failover setting ip policy_rt i 1 o add 1 range s 192 168 1 10 S 192 168 1 20 2 ip_range d 202 211 100 10 D 202 211 100 20 g 202 211 100 1 I WAN2 T Te el ln ne et t C Co om mm ma an nd d i ip p l la an nD DN NS SR Re es s This command is used to set LAN DNS profiles With such feature the...

Page 746: ...ts or only the packets with the same subnet will be replied for address mapping profile 0 reply all subnet packets 1 reply only same subnet packet z It means to update LAN DNS configuration to DNS cache E Ex xa am mp pl le e ip lanDNSRes i 1 n ftp drayTek com Configure Set1 s DomainName ftp drayTek com ip lanDNSRes i 1 n ftp drayTek com ip lanDNSRes i 1 a 172 16 2 10 s 1 ip lanDNSRes i 1 a 172 16 ...

Page 747: ... 1 Configure Set1 s IP 172 16 1 1 ip dnsforward i 1 l Idx 1 State Disable Profile test Domain Name ftp drayTek com DNS Server IP 172 16 1 1 T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 a ad dd dr r This command allows users to set the IPv6 address for your router S Sy yn nt ta ax x ip6 addr s prefix prefix length LAN WAN1 WAN2 iface ip6 addr d prefix prefix length LAN WAN1 WAN2 iface ip6 add...

Page 748: ...mand parameter The available commands with parameters are listed below means that you can type in several commands in one line a It means to show current DHCPv6 status s It means to ask the SIP S It means to ask the SIP name d It means to ask the DNS setting D It means to ask the DNS name n It means to ask NTP i It means to ask NIS I It means to ask NIS name p It means to ask NISP P It means to as...

Page 749: ...o server i parameter It means to send information request to server e parameter It means to enable or disable the DHCPv6 client 1 Enable 0 Disable E Ex xa am mp pl le e ip6 dhcp client WAN2 p 2008 1 ip6 dhcp client WAN2 a Interface WAN2 has following DHCPv6 client settings DHCPv6 client enabled request IA_PD whose IAID equals to 2008 ip6 dhcp client WAN2 n 1023456 ip6 dhcp client WAN2 a Interface ...

Page 750: ... ff02 3 ip6 dhcp server a Interface LAN has following DHCPv6 server settings DHCPv6 server disabled maximum address of the pool FF02 3 minimum address of the pool FF02 1 1st DNS IPv6 Addr FF02 1 T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 i in nt te er rn ne et t This command allows you to configure settings for accessing Internet S Sy yn nt ta ax x ip6 internet W n M n command parameter S ...

Page 751: ... server IPv4 address or URL maximum 63 characters d server It means to set the primary DNS Server IP server type an IPv6 address for first DNS server D server It means to set the secondary DNS Server IP server type an IPv6 address for second DNS server t dhcp ra none It means to set IPv6 PPP WAN test mode for DHCP or RADVD dhcp ra none type IPv6 address V It means to view IPv6 Internet Access Prof...

Page 752: ...a neighbour d It means to delete a neighbour a It means to show neighbour status inet6_addr Type an IPv6 address eth_addr Type submask address LAN WAN1 WAN2 Specify an interface for the neighbor E Ex xa am mp pl le e ip6 neigh s 2001 2222 3333 1111 00 50 7F 11 ac 22 WAN2 Neighbour 2001 2222 3333 1111 successfully added ip6 neigh a I F ADDR MAC STATE LAN FF02 1 33 33 00 00 00 01 CONNECTED WAN2 2001...

Page 753: ...ded T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 r ro ou ut te e This command allows you to S Sy yn nt ta ax x ip6 route s prefix prefix length gateway LAN WAN1 WAN2 iface D ip6 route d prefix prefix length ip6 route a LAN WAN1 WAN2 iface S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description s It means to add a route d It means to delete a route a It means to show the ro...

Page 754: ...nt ta ax x ip6 ping IPV6 address Host LAN WAN1 WAN2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description IPV6 address Host It means to specify the IPv6 address or host for ping LAN WAN1 WAN2 It means to specify LAN or WAN interface for such address E Ex xa am mp pl le e ip6 ping 2001 4860 4860 8888 WAN2 Pinging 2001 4860 4860 8888 with 64 bytes of Data Receive reply from 2001...

Page 755: ...01 7F8 1 A501 5169 1 330 ms 6 2001 4860 1 0 4B3 350 ms 7 2001 4860 8 0 2DAF 330 ms 8 2001 4860 2 0 66E 340 ms 9 Request timed out 10 2001 4860 4860 8888 350 ms Trace complete T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 t ts sp pc c This command allows you to display TSPC status S Sy yn nt ta ax x ip6 tspc ifno S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description ifno I...

Page 756: ...me of 0 indicates that the router is not a default router and should not appear on the default router list Type the number unit second you want V It means to show the RADVD configuration r It means RA default test r num It means RA test for item num E Ex xa am mp pl le e ip6 radvd s 1 1800 ip6 radvd V IPv6 Radvd Config Radvd Enable Default Lifetime 1800 seconds T Te el ln ne et t C Co om mm ma an ...

Page 757: ...through http telnet ping E Ex xa am mp pl le e ip6 mngt list add 1 FE80 250 7FFF FE12 1010 128 ip6 mngt list add 2 FE80 250 7FFF FE12 1020 128 ip6 mngt list add 3 FE80 250 7FFF FE12 2080 128 ip6 mngt list IPv6 Access List Index IPv6 Prefix Prefix Length 1 FE80 250 7FFF FE12 1010 128 2 FE80 250 7FFF FE12 1020 128 3 FE80 250 7FFF FE12 2080 128 ip6 mngt status IPv6 Remote Management telnet off http o...

Page 758: ...ta ax x D De es sc cr ri ip pt ti io on n Parameter Description ifno It means the connection interface 1 WAN1 2 WAN2 add It means to add an IPv6 address which can be used to execute management through Internet prefix It means to type the IPv6 address which will be used for accessing Internet prefix length It means to type a fixed value as the length of the prefix remove It means to remove delete t...

Page 759: ... to set IPv6 settings for LAN interface S Sy yn nt ta ax x ip6 lan l n l w d D m o s parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description h It is used to display the usage of such command l n It means to selete LAN interface to be set n 1 LAN1 n 2 LAN2 x LANx Default is LAN1 w n It means to selete WAN interface to be primary interface n 0 None n 1 WAN1 n 2 WAN2 x WA...

Page 760: ...eans to enable disable RIPng n 1 Enable RIPng n 0 Disable RIPng s n It means to show IPv6 LAN setting n 0 show all Default is show all n 1 LAN1 n 2 LAN2 4 LAN4 n 5 DMZ E Ex xa am mp pl le e ip6 lan l 1 w 1 d 2001 4860 4860 8888 o 1 f 0 s 2 Set primary WAN1 Set 1st DNS server 2001 4860 4860 8888 Set Other Option Enable LAN1 support ipv6 This setting will take effect after rebooting Please use sys r...

Page 761: ...number of session num limit status It means to display the current settings show It means to display all IP range session limit settings add It means to add the session limit for an IPv6 range IP1 IP2 Specify a range for IPv6 addresses del It means to delete the session limit for an IPv6 range by first IP IP1 or del all E Ex xa am mp pl le e ip6 session on ip6 session add 2100 ABCD 2 2100 ABCD 10 ...

Page 762: ... 2001 ABCD 2 2001 ABCD 10 Tx 512K Rx 5M shared Current ip6 Bandwidth limit is turn on Current default ip6 Bandwidth rate is Tx 2000K Rx 8000K bps T Te el ln ne et t C Co om mm ma an nd d i ip pf f v vi ie ew w IPF users to view the version of the IP filter to view set the log flag to view the running IP filter rules S Sy yn nt ta ax x ipf view VcdhrtzZ S Sy yn nt ta ax x D De es sc cr ri ip pt ti ...

Page 763: ...er you can type is 0 to 12 0 means disable l VALUE It means to setup Log Flag e g l 2 Type 0 to disable the log flag Type 1 to display the log of passed packet Type 2 to display the log of blocked packet Type 3 to display the log of non matching packet p VALUE It means to setup actions for packet not matching any rule e g p 1 Type 0 to let all the packets pass Type 1 to block all the packets M P2P...

Page 764: ...Tek Banner Enable Apply IP filter to VPN incoming packets Enable Accept large incoming fragmented UDP or ICMP packets Enable Strict Security Checking APP Enforcement T Te el ln ne et t C Co om mm ma an nd d i ip pf f r ru ul le e This command is used to set filter rule for firewall S Sy yn nt ta ax x ipf rule s r command parameter ipf rule s r v S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n...

Page 765: ...epresenting different address type 0 Subnet Address 1 Single Address 2 Any Address 3 Range Address Example Set Subnet Address d u 0 192 168 1 10 255 255 255 0 Set Single Address d u 1 192 168 1 10 Set Any Address d u 2 Set Range Address d u 3 192 168 1 10 192 168 1 15 d o g obj It means to specify destination IP object and IP group o indicates object g indicates group obj indicates index number of...

Page 766: ... profile will be applied index Available settings range from 0 8 0 means no profile will be applied c It means to set code page Different number represents different code page 0 None 1 ANSI 1250 Central Europe 2 ANSI 1251 Cyrillic 3 ANSI 1252 Latin I 4 ANSI 1253 Greek 5 ANSI 1254 Turkish 6 ANSI 1255 Hebrew 7 ANSI 1256 Arabic 8 ANSI 1257 Baltic 9 ANSI 1258 Viet Nam 10 OEM 437 United States 11 OEM 8...

Page 767: ...2000 Current Sessions 0 Mac Bind IP Non Strict Qos Class None APP Enforcement None URL Content Filter None Load Balance policy Auto select Log Disable CodePage ANSI 1252 Latin I Window size 65535 Session timeout 1440 DrayTek Banner Enable Strict Security Checking APP Enforcement T Te el ln ne et t C Co om mm ma an nd d i ip pf f f fl lo ow wt tr ra ac ck k This command is used to set and view flow...

Page 768: ... 11 59939 8 8 8 8 53 ifno 0 REPLY 8 8 8 8 53 192 168 1 11 59939 ifno 3 proto 17 age 93023180 3920 flag 203 ORIGIN 192 168 1 11 15073 8 8 8 8 53 ifno 0 REPLY 8 8 8 8 53 192 168 1 11 15073 ifno 3 proto 17 age 93025100 2000 flag 203 ORIGIN 192 168 1 11 7247 8 8 8 8 53 ifno 0 REPLY 8 8 8 8 53 192 168 1 11 7247 ifno 3 proto 17 age 93020100 7000 flag 203 End to show the flowtrack sessions state T Te el ...

Page 769: ... 0000 1319 8a2e 0370 7343 w value It means to specify IPv6 address of WAN divice e g 2001 1234 0000 0000 1319 8a2e 0370 7344 p value It means to set port number of LAN device e g 65535 q value It means to set port number of WAN device e g 53 e value It means to set MAC address of LAN device e g AA BB CC 11 22 33 set index Index 1 to 5 e value It means to enable disable the test packet Value 1 or 0...

Page 770: ...ww draytek com ipf flowtest send Send TEST Packet ipf flowtest view Test Info Mode UDP Direction LAN WAN LAN IP 192 168 1 111 Port 57005 WAN IP 8 8 8 8 Port 53 LAN MAC 60 E3 27 02 CB B1 Test Result ORIGIN 192 168 1 111 57005 8 8 8 8 53 ifno 0 nat 49969 td_state 1 REPLY 8 8 8 8 53 192 168 200 104 38445 ifno 3 nat 49969 td_state 1 Status Pass Packet 2 Set 13 Rule 1 all_app_flag 1f7f8 send_out 2 wan_...

Page 771: ...rver IP 0 0 0 0 Relay agent IP 0 0 0 0 25 36 33 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 Next server IP 0 0 0 0 Relay agent IP 0 0 0 0 25 36 41 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 Next server IP 0 0 0 0 Relay agent IP 0 0 0 0 25 36 49 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 Next server IP 0 0 0 0 Relay ...

Page 772: ...etup Group Distinguished Name c VALUE Setup Common Name Identifier v View detail information of the LDAP profile E Ex xa am mp pl le e ldap user 1 n LD_user_test1 Profile Name has been updated ldap user 1 v Profile Index 1 Profile Name LD_user_test1 Common Name Identifier Base Distinguished Name Additional Filter Group distinguished Name ldap user 1 b ou People dc example dc com T Te el ln ne et t...

Page 773: ...urrent status of LDAP settings configuration S Sy yn nt ta ax x ldap view E Ex xa am mp pl le e ldap view LDAP Enable Disabled LDAP Bind Type Simple LDAP with SSL Disabled LDAP Regular DN LDAP Regular Password LDAP Server IP LDAP Server Port 389 T Te el ln ne et t C Co om mm ma an nd d t ta ac ca ac cs sp pl lu us s s se et t This command allows users to configure general settings for TACACS serve...

Page 774: ... for TACACS server S Sy yn nt ta ax x tacacspluse view E Ex xa am mp pl le e tacacsplus view TACACS Enable Enable TACACS Server IP 192 168 1 59 TACACS Server Port 49 TACACS Type ASCII TACACS Shared Secret T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t f ft tp pp po or rt t This command allows users to set FTP port for management S Sy yn nt ta ax x mngt ftpport FTP port S Sy yn nt ta ax x D ...

Page 775: ... HTTPS port The default setting is 443 E Ex xa am mp pl le e mngt httpsport 443 Set web server port to 443 done T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t t te el ln ne et tp po or rt t This command allows users to set telnet port for management S Sy yn nt ta ax x mngt telnetport Telnet port S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Telnet port It means ...

Page 776: ...PING packets will be blocked from LAN PC to Internet viewlog It means to display a log of ping action including source MAC and source IP clearlog It means to clear the log of ping action E Ex xa am mp pl le e mngt noping off No Ping Packet Out is OFF T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t d de ef fe en ns se ew wo or rm m This command can block specified port for passing through the...

Page 777: ...llowed S Sy yn nt ta ax x mngt rmtcfg status mngt rmtcfg enable mngt rmtcfg disable mngt rmtcfg http https ftp telnet ssh tr069 on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description status It means to display current setting for your reference enable It means to allow the system administrators to login from the Internet disable It means to deny the system administrators...

Page 778: ...ce offered Available values include FTP HTTP HTTPS TELNET SSH None All i value It means the interface which is allowed to access Available values include LAN2 LAN6 DMZ IP Routed Subnet None All Note LAN1 is always allowed for accessing into the router f It means to flush all of the settings d It means to restore the factory default settings v It means to view current settings h It means to get the...

Page 779: ...n ng gt t a ac cc ce es ss sl li is st t This command allows you to specify that the system administrator can login from a specific host or network A maximum of three IPs subnet masks is allowed S Sy yn nt ta ax x mngt accesslist list mngt accesslist add index ip addr mask mngt accesslist remove index mngt accesslist flush S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description ...

Page 780: ... It means to set one host as the manager to execute SNMP function Please type in IPv4 address to specify certain host t Community name It means to set trap community by typing a proper name max 23 characters n IP address It means to set the IPv4 address of the host that will receive the trap community T seconds It means to set the trap timeout 0 999 V It means to list SNMP setting E Ex xa am mp pl...

Page 781: ...v It means to view current settings E Ex xa am mp pl le e mngt bfp e 1 mngt bfp s FTP mngt bfp l 10 mngt bfp v Current Brute Force Protection Setting Enable yes Service FTP yes HTTP no HTTPS no TELNET no TR069 no SSH no Maximum login failures 10 Penalty period 0 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t s sw wi it tc ch h This command is used to configure multi subnet S Sy yn ...

Page 782: ... private IP address for the specified LAN interface E Ex xa am mp pl le e msubnet addr 2 192 168 5 1 Set LAN2 subnet IP address done This setting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t n nm ma as sk k This command is used to configure net mask address for the specified LAN interface S Sy yn ...

Page 783: ...0 0 PPP Start IP 0 0 0 60 DHCP server Off Dhcp Gateway 0 0 0 0 Start IP 0 0 0 10 Pool Count 50 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t d dh hc cp ps s This command allows you to enable or disable DHCP server for the subnet S Sy yn nt ta ax x msubnet dhcps 2 3 4 5 On Off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 3 4 5 It means LAN interface ...

Page 784: ...e be reminded to setup a Load Balance policy so that packets from this subnet will be forwarded to the right WAN interface This setting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t g ga at te ew wa ay y This command is used to configure an IP address as the gateway used for subnet S Sy yn nt ta ax...

Page 785: ...tting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t t ta al lk k This command is used to establish a route between two LAN interfaces S Sy yn nt ta ax x msubnet talk 1 2 3 4 5 1 2 3 4 5 On Off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 1 2 3 4 5 It means LAN interfac...

Page 786: ...le e msubnet startip 2 192 168 2 90 Set LAN2 Dhcp Start IP done This setting will take effect after rebooting Please use sys reboot command to reboot the router msubnet startip msubnet startip 2 3 4 5 6 Gateway IP Now LAN2 192 168 2 90 LAN3 192 168 3 10 LAN4 192 168 4 10 LAN5 192 168 5 1 0 LAN6 192 168 6 10 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t p pp pp pi ip p This command...

Page 787: ...e type for node which is required by DHCP option S Sy yn nt ta ax x msubnet nodetype 2 3 4 5 count S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 3 4 5 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 5 LAN5 count Choose the following number for specifying different node type 1 B node 2 P node 4 M node 8 H node 0 Not specify any type for node E Ex xa am mp pl le e msubnet ...

Page 788: ... 192 168 3 5 Set LAN2 Dhcp Primary WINS IP done msubnet primWINS msubnet primWINS 2 3 4 5 6 WINS IP Now LAN2 192 168 3 5 LAN3 0 0 0 0 LAN4 0 0 0 0 LAN5 0 0 0 0 LAN6 0 0 0 0 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t s se ec cW WI IN NS S This command is used to configure secondary WINS server S Sy yn nt ta ax x msubnet secWINS 2 3 4 5 6 WINS IP S Sy yn nt ta ax x D De es sc cr ...

Page 789: ...erver name Type a name to indicate the TFTP server E Ex xa am mp pl le e msubnet tftp msubnet tftp 2 3 4 5 TFTP server name Now LAN2 LAN3 LAN4 LAN5 LAN6 msubnet tftp 2 publish Set LAN2 TFTP Server Name done msubnet tftp msubnet tftp 2 3 4 5 TFTP server name Now LAN2 publish LAN3 LAN4 LAN5 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t m mt tu u This command allows you to configure ...

Page 790: ...t is helpful to manage the IP address es assigned by DHCP server S Sy yn nt ta ax x msubnet leasetime 1 2 3 4 5 6 dmz Lease Time sec S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 1 2 3 4 5 6 dmz 1 6 represent LAN1 to LAN6 Lease Time sec Range from 1 to 259200 If no value specified here Vigor router system will use the maximum value 259200 as the leasetime E Ex xa am mp...

Page 791: ...means LAN INTERFACE 3 means WAN Example object ip obj 8 i 0 s INVERT It means to set invert seletion for the object profile INVERT 0 means disableing the function INVERT 1 means enabling the function Example object ip obj 3 s 1 a TYPE It means to set the address type and IP for the IP object profile TYPE 0 means Mask TYPE 1 means Single TYPE 2 means Any TYPE 3 means Rang Example object ip obj 3 a ...

Page 792: ... view the information of the specified group profile Example object ip grp 1 v n NAME It means to define a name for the IP group NAME Type a name with less than 15 characters Example object ip grp 8 n bruce i INTERFACE It means to define an interface for the IP group INTERFACE 0 means any INTERFACE 1 means LAN INTERFACE 2 means WAN Example object ip grp 3 i 0 a IP_OBJ_INDEX It means to specify IP ...

Page 793: ...Vigor2926 Series User s Guide 777 Name First Interface Lan Included ip object index 0 1 1 2 2 0 3 0 4 0 5 0 6 0 7 0 ...

Page 794: ...Type a name with less than 15 characters Example object ip obj 9 n bruce i INTERFACE It means to define an interface for the IP object INTERFACE 0 means any INTERFACE 1 means LAN INTERFACE 3 means WAN Example object ip obj 8 i 0 s INVERT It means to set invert seletion for the object profile INVERT 0 means disableing the function INVERT 1 means enabling the function Example object ip obj 3 s 1 a T...

Page 795: ...r all profiles INDEX It means the index number of the specified group profile v It means to view the information of the specified group profile Example object ip grp 1 v n NAME It means to define a name for the IP group NAME Type a name with less than 15 characters Example object ip grp 8 n bruce i INTERFACE It means to define an interface for the IP group INTERFACE 0 means any INTERFACE 1 means L...

Page 796: ...name with less than 15 characters Example object service obj 9 n bruce i PROTOCOL It means to define a PROTOCOL for the service object profile PROTOCOL 0 means any PROTOCOL 1 means ICMP PROTOCOL 2 means IGMP PROTOCOL 6 means TCP PROTOCOL 17 means UDP PROTOCOL 255 means TCP UDP Other values mean other protocols Example object service obj 8 i 0 CHK It means the check action for the port setting 0 eq...

Page 797: ... et t C Co om mm ma an nd d o ob bj je ec ct t s se er rv vi ic ce e g gr rp p This command is used to integrate several service objects under a service group profile S Sy yn nt ta ax x object service grp setdefault object service grp INDEX v object service grp INDEX n NAME object service grp INDEX a SER_OBJ_INDEX S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description setdefaul...

Page 798: ...t kw obj setdefault object kw obj show PAGE object kw obj INDEX v object kw obj INDEX n NAME object kw obj INDEX a CONTENTS S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description setdefault It means to return to default settings for all profiles show PAGE It means to show the contents of the specified profile PAGE type the page number show It means to show the contents for all ...

Page 799: ...CATEGORY FILE_EXTENSION S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show It means to show the contents for all of the profiles setdefault It means to return to default settings for all profiles INDEX It means the index number from 1 to 8 of the specified file extension object profile v It means to view the information of the specified file extension object profile n ...

Page 800: ...if tiff Video category asf avi mov mpe mpeg mpg v mp4 qt rm v wmv 3gp 3gpp 3gpp2 3g2 Audio category v aac v aiff v au v mp3 v m4a v m4p v ogg v ra v ram v vox v wav v wma Java category class jad jar jav java jcm js jse jsp jtk ActiveX category alx apb axs ocx olb ole tlb viv vrm Compression category ace arj bzip2 bz2 cab gz gzip rar sit zip Executation category bas bat com exe inf pif reg scr T Te...

Page 801: ... www pswin com EU 12 www messagebird com EU 13 www lusosms com EU 14 www vibeactivemedia com UK u Username It means to define a user name for the SMS object profile Type a user name that the sender can use to register to selected SMS provider p Password It means to define a password for the SMS object profile Type a password that the sender can use to register to selected SMS provider q Quota Type...

Page 802: ...s s SMTP Server It means to set the IP address of the mail server l Use SSL It means to use port 465 for SMTP server for some e mail server uses https as the transmission method 0 disable 1 enable to use the port number m SMTP Port It means to set the port number for SMTP server a Sender Address It means to set the e mail address e g johnwash abc com tw of the sender t Authentication The mail serv...

Page 803: ... characters e It means to enable the status of specified category d It means to disable the status of specified category Category Available categories are 1 WAN 2 VPN Tunnel 3 Temperature Alert 4 WAN Budget 5 CVM 6 High Availability status For WAN 1 Disconnected 2 Reconnected For VPN Tunnel 1 Disconnected 2 Reconnected For Temperature Alert 1 Out of Range For WAN Budget 1 Limit Reached For CVM 1 C...

Page 804: ... minute It means to set the starting time of the profile hour Must be between 0 23 minute Must be between 0 59 For example To set Start Time 10 20 type object schedule set 1 T 10 20 d hour minute It means to set the duration time of the profile hour Must be between 0 23 minute Must be between 0 59 For example To set Duration Time 3 30 type object schedule set 1 d 3 30 a value It means to set the a...

Page 805: ...isable 1 2 3 4 all port status port sniff on off port txrx restart status port 802 1x enable disable status addport delport port jumbo port wanfc port spoof on off stat port mac_flush S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 1 2 3 4 5 wan1 wan2 all It means the number of LAN port and WAN port AN 10H It means the physical type for the specific port AN auto negotiat...

Page 806: ...MP protocol sec Type a number to set the IGMP session timeout w sec It means TCP WWW protocol sec Type a number to set the TCP WWW session timeout s sec It means TCP SYN protocol sec Type a number to set the TCP SYN session timeout f It means to flush all portmaps useful for diagnostics l List List all settings E Ex xa am mp pl le e portmaptime t 86400 u 300 i 10 portmaptime l Current setting TCP ...

Page 807: ...cific Host mode s start port Specify a starting port number for Specific Host mode e end port Specify an ending port number for Specific Host mode E Ex xa am mp pl le e ppa m 1 p 1 b 0 Set ok The PPA mode is Auto You need to set the Manual mode first TWO way accleration is disable ppa v PPA mode is Auto PPA Protocol TCP 1 UDP 0 PPA two way disable PPA time is 10 PPA range is 192 PPA LAN entries 0 ...

Page 808: ... to and eable QoS control 0 disable 1 in apply to incoming traffic only 2 out apply to outgoing traffic only 3 both apply to both incoming and outgoing traffic Default is enable for outgoing traffic i bandwidth It means to set inbound bandwidth in kbps Ethernet WAN only The available setting is from 1 to 100000 o bandwidth It means to set outbound bandwidth in kbps Ethernet WAN only The available ...

Page 809: ... the usage of this command c no Specify the inde number for the class Available value for no contains 1 2 and 3 The default setting is class 1 n name It means to type a name for the class a It means to add rule for specified class e no It means to edit specified rule no type the index number for the rule d no It means to delete specified rule no type the index number for the rule m mode It means t...

Page 810: ... Show the rule in the specified class It means that you can type in several commands in one line E Ex xa am mp pl le e qos class c 2 n draytek a m 1 l 192 168 1 50 192 168 1 80 Following setting will set in the class2 class 2 name set to draytek Add a rule in class2 Class2 the 1 rule enabled Set local address type to Range 192 168 1 50 192 168 1 80 T Te el ln ne et t C Co om mm ma an nd d q qo os ...

Page 811: ...h QoS for VoIP E Ex xa am mp pl le e qos voip off QoS for VoIP Disable SIP Port 5060 T Te el ln ne et t C Co om mm ma an nd d q qu ui it t This command can exit the telnet command screen T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w l la an n This command displays current status of LAN IP address settings E Ex xa am mp pl le e show lan The LAN settings ip mask dhcp star_ip pool gateway V L...

Page 812: ... mp pl le e show dns Domain name server settings Primary DNS Not set Secondary DNS Not set T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w o op pe en np po or rt t This command displays current status of open port setting E Ex xa am mp pl le e show openport Openport settings Index Status Comment Local IP Address No data entry T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w n na at t Th...

Page 813: ... w p pm mt ti im me e This command displays the reuse time of NAT session Level0 It is the default setting Level1 It will be applied when the NAT sessions are smaller than 25 of the default setting Level2 It will be applied when the NAT sessions are smaller than the eighth of the default setting E Ex xa am mp pl le e show pmtime Level0 TCP 86400001 UDP 300001 ICMP 10001 Level1 TCP 600000 UDP 90000...

Page 814: ...1 wan2 tx rx weekly show traffic session weekly E Ex xa am mp pl le e show traffic session weekly0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0...

Page 815: ...witch connects to this router Then type the index number of this VigorSwitch in this field wan or lan wan Specify WAN interface WAN1 to WAN2 for Vigor router lan Specify LAN interface LANA LANB for VigorAP tx rx Tx Inidcate transmitted data Rx Indicate receivied data weekly Display the transmitted data or receivied data collected weekly E Ex xa am mp pl le e show clienttraffic 01 lana tx weekly 0 ...

Page 816: ... 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0...

Page 817: ...Bytes WAN5 total TX 0 Bytes RX 0 Bytes T Te el ln ne et t C Co om mm ma an nd d s sm mb b s se et tt ti in ng g This command is used to configure file sharing settings for SMB server S Sy yn nt ta ax x smb setting enable disable smb setting show status smb setting set workgroup Workgroup name smb setting set host host name smb setting set access LAN or LANWAN S Sy yn nt ta ax x D De es sc cr ri ip...

Page 818: ...AN port 1 2 3 4 d id It menas to turn off the flag of LAN port 1 2 3 4 v It menas to view current status E Ex xa am mp pl le e srv dhcp dhcp2 l 1 e 1 srv dhcp dhcp2 v 2nd DHCP server flag status Server works on specified MAC address ON Server works on specified LAN port ON Port 1 flag ON Port 2 flag ON Port 3 flag OFF Port 4 flag OFF T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p ...

Page 819: ...ses in the pool The maximum is 10 status It means the execution result of this command add It means creating a list of hosts to be assigned del It means removing the selected MAC address MAC Addr It means to specify MAC Address of the host all ALL It means all of the MAC addresses E Ex xa am mp pl le e Vigor ip route add 192 168 1 56 255 255 255 0 192 168 1 12 3 default Vigor srv dhcp public statu...

Page 820: ... le e srv dhcp dns1 168 95 1 1 srv dhcp dns1 DNS IP address Now 168 95 1 1 IP Routed Subnet dns same as NAT Subnet dns T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p d dn ns s2 2 This command allows users to set Secondary IP Address for DNS Server in LAN S Sy yn nt ta ax x srv dhcp dns2 srv dhcp dns2 DNS IP address S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Des...

Page 821: ...v dhcp frcdnsmanl on Domain name server now is using manual settings srv dhcp frcdnsmanl off Domain name server now is using auto settings T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p g ga at te ew wa ay y This command allows users to specify gateway address for DHCP server S Sy yn nt ta ax x srv dhcp gateway srv dhcp gateway Gateway IP S Sy yn nt ta ax x D De es sc cr ri ip pt ...

Page 822: ...sys reboot command to reboot router T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p o on n This function allows users to turn on DHCP server It needs rebooting router please type sys reboot command to reboot router T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p r re el la ay y This command allows users to set DHCP relay setting S Sy yn nt ta ax x srv dhcp relay ser...

Page 823: ...his command can display general information for the DHCP server such as IP address MAC address leased time host ID and so on E Ex xa am mp pl le e srv dhcp status DHCP server Relay Agent Default gateway 192 168 1 1 Index IP Address MAC Address Leased Time HOST ID 1 192 168 1 113 00 05 5D E4 D8 EE 17 20 08 A1000351 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p l le ea as se et ti ...

Page 824: ... nodetype count 1 B node 2 P node 4 M node 8 H node Now 1 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p p pr ri im mW WI IN NS S This command can set the primary IP address for the DHCP server S Sy yn nt ta ax x srv dhcp primWINS WINS IP address srv dhcp primWINS clear S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description WINS IP address It means the IP addre...

Page 825: ... ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p e ex xp pi ir re ed d_ _R Re ec cy yc cl le eI IP P This command can set the time to check if the IP address can be assigned again by DHCP server or not S Sy yn nt ta ax x srv dhcp expRecycleIP sec time S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description sec time It means to set the time 5 300 seconds for checking if the ...

Page 826: ... srv dhcp option d idx srv dhcp option e 1 or 0 c option number v option value srv dhcp option e 1 or 0 c option number a option value srv dhcp option e 1 or 0 c option number x option value srv dhcp option u idx unmber S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description h It means to display usage of this command l It means to display all the user defined DHCP options d idx...

Page 827: ... to certain host 1 wan1 2 wan2 m It means the index number of the DMZ host Default setting is 1 WAN 1 It is only available for Static IP mode If you use other mode you can set 1 8 in this field If WAN IP alias has been configured then the number of DMZ host can be added more command parameter The available commands with parameters are listed below means that you can type in several commands in one...

Page 828: ...mm ma an nd d s sr rv v n na at t o op pe en np po or rt t This command allows users to set open port settings for NAT server S Sy yn nt ta ax x srv nat openport n m command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description n It means the index number for the profiles The range is from 1 to 20 m It means to specify the sub item number for this profile The range i...

Page 829: ...nport v Status Enable Comment games Private IP address 192 168 1 100 Index Protocal Start Port End Port 1 TCP 23 83 Status Disable Comment Private IP address 0 0 0 0 Index Protocal Start Port End Port Status Disable Comment Private IP address 0 0 0 0 Index Protocal Start Port End Port T Te el ln ne et t C Co om mm ma an nd d s sr rv v n na at t p po or rt tm ma ap p This command allows users to se...

Page 830: ...x It means to remove the selected port redirection setting disable idx It means to inactivate the selected port redirection setting enable idx It means to activate the selected port redirection setting flush It means to clear all the port mapping settings table It means to display Port Redirection Configuration Table E Ex xa am mp pl le e srv nat portmap add 1 game tcp 80 192 168 1 11 100 wan1 srv...

Page 831: ... 0 9 0 0 0 0 0 0 0 10 0 0 0 0 0 0 0 11 0 0 0 0 0 0 0 12 0 0 0 0 0 0 0 13 0 0 0 0 0 0 0 14 0 0 0 0 0 0 0 15 0 0 0 0 0 0 0 16 0 0 0 0 0 0 0 17 0 0 0 0 0 0 0 18 0 0 0 0 0 0 0 19 0 0 0 0 0 0 0 20 0 0 0 0 0 0 0 MORE q Quit Enter New Lines Space Bar Next Page T Te el ln ne et t C Co om mm ma an nd d s sr rv v n na at t s sh ho ow wa al ll l This command allows users to view a summary of NAT port redirec...

Page 832: ...ay the data transmission from the client E Ex xa am mp pl le e switch i 1 traffic on External Device NO 1 traffic statistic function is enable T Te el ln ne et t C Co om mm ma an nd d s sw wi it tc ch h s st ta at tu us s This command is used to display current status for external devices E Ex xa am mp pl le e switch status External Device auto discovery status Disable No Respond to External Devic...

Page 833: ... om mm ma an nd d s sw wi it tc ch h l li is st t This command is used to display the connection status of the switch E Ex xa am mp pl le e switch list No Mac IP status Dur Time Model_Name 1 00 50 7f cd 07 48 192 168 1 3 On Line 00 01 01 Vigor2920 Series T Te el ln ne et t C Co om mm ma an nd d s sw wi it tc ch h c cl le ea ar r This command is used to reset the switch table and reboot the router ...

Page 834: ...interface of Vigor router S Sy yn nt ta ax x sys adminuser option sys adminuser edit index username password S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description option Available options includes Local 0 1 LDAP 0 1 edit INDEX delete INDEX view INDEX Local 0 1 0 Disable the local user 1 Enable the local user LDAP 0 1 0 Disable the LDAP 1 Enable the LDAP edit INDEX username pas...

Page 835: ...vice 0 disable 1 enable s enable It is used to disable enable SSH service 0 disable 1 enable p enable It is used to disable enable printer service 0 disable 1 enable 6 enable It is used to disable enable IPv6 0 disable 1 enable E Ex xa am mp pl le e sys bonjour s 1 T Te el ln ne et t C Co om mm ma an nd d s sy ys s c cf fg g This command reset the router with factory default settings When a user t...

Page 836: ...off It means to turn off the FTP server of the system E Ex xa am mp pl le e sys ftpd on sys ftpd turn on T Te el ln ne et t C Co om mm ma an nd d s sy ys s d do om ma ai in nn na am me e This command can set and remove the domain name of the system when DHCP mode is selected for WAN S Sy yn nt ta ax x sys domainname wan1 wan2 Domain Name Suffix sys domainname wan1 wan2 clear S Sy yn nt ta ax x D D...

Page 837: ...e IP Address 0 0 0 0 Netmask 0xFFFFFFFF MAC 00 50 7F 00 00 00 Interface 4 Ethernet Status DOWN IP Address 0 0 0 0 Netmask 0x00000000 MAC 00 50 7F 00 00 02 Interface 5 Ethernet Status DOWN IP Address 0 0 0 0 Netmask 0x00000000 MAC 00 50 7F 00 00 03 Interface 6 Ethernet Status DOWN IP Address 0 0 0 0 Netmask 0x00000000 MAC 00 50 7F 00 00 04 Interface 7 Ethernet Status DOWN IP Address 0 0 0 0 Netmask...

Page 838: ... wan2 Note Such name can be used to recognize router s identification in SysLog dialog T Te el ln ne et t C Co om mm ma an nd d s sy ys s p pa as ss sw wd d This command allows users to set password for the administrator sys passwd ASCII string S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description ASCII string It means the password for administrator The maximum character that ...

Page 839: ...users to save current settings to FLASH Usually current settings will be saved in SRAM Yet this command will save the file to FLASH E Ex xa am mp pl le e sys commit T Te el ln ne et t C Co om mm ma an nd d s sy ys s t tf ft tp pd d This command can turn on TFTP server for upgrading the firmware E Ex xa am mp pl le e sys tftpd TFTP server enabled T Te el ln ne et t C Co om mm ma an nd d s sy ys s v...

Page 840: ...1 Buf KMC56 56B used 20 cached 44 Buf KMC24 24B used 58 cached 70 Dynamic memory 13107200B 4573168B used 190480B 0B in level 1 2 cache FLOWTRACK Memory Status of free 12000 of maximum 0 of flowstate 12000 of lost by siganture 0 of lost by list 0 T Te el ln ne et t C Co om mm ma an nd d s sy ys s p po ol ll lb bu uf f This command can turn on or turn off polling buffer for the router S Sy yn nt ta ...

Page 841: ...etnoti parm sys tr069 setnoti parm value sys tr069 log sys tr069 debug on off sys tr069 save sys tr069 inform event code sys tr069 port port num sys tr069 cert_auth on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description get parm option It means to get parameters for tr 069 option nextlevel only gets nextlevel for GetParameterNames set parm value It means to set parameter...

Page 842: ...NDeviceNumberOfEntries InternetGatewayDevice DeviceInfo InternetGatewayDevice ManagementServer InternetGatewayDevice Time InternetGatewayDevice Layer3Forwarding InternetGatewayDevice LANDevice InternetGatewayDevice WANDevice InternetGatewayDevice Services InternetGatewayDevice X_00507F_InternetAcc InternetGatewayDevice X_00507F_LAN InternetGatewayDevice X_00507F_NAT InternetGatewayDevice X_00507F_...

Page 843: ...d T Te el ln ne et t C Co om mm ma an nd d s sy ys s r rt ts sp p_ _a al lg g This command is used to configure settings e g listen port for ALG with the protocol of RTSP S Sy yn nt ta ax x sys rtsp_alg command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description e 1 0 Enable disable the function of RTSP ALG 0 Disable 1 Enable p value Set your listening port for RTS...

Page 844: ...r Description licmsg It means to display license message licauth It means the license authentication time setting regser It means the license register server setting licera It means to erase license setting licifno It means license and signature download interface setting lic_wiz set reg qry It means the license wizard setting qry query service support status set idx trial service type sp_id start...

Page 845: ...tus It means to show the status of diagnostic log enable It means to enable the function of diag_log disable It means to disenable the function of diag_log flush It means the flush log buffer lineno w It means the total lines for displaying message w Available value ranges from 100 to 50000 level x It determines the level of data displayed x Available value ranges from 0 to 12 The larger the numbe...

Page 846: ...ing VDSL2 mode 0 00 03 DSL modem code 05 04 08 00 00 06 0 00 05 DSL Status was switched FirmwareRequest 1 to firmwareReady 3 0 00 05 DSL Status was switched firmwareReady 3 to Init 5 0 00 05 DSL nXtseA 0d nXtseB 00 nXtseV 07 nFwFeatures 5 0 00 05 DSL nHsToneGroupMode 0 nHsToneGroup 106 nToneSet 43 nCamState 2 0 00 05 DSL Line state has changed 000000FF 00000100 0 00 05 DSL Line state has changed 0...

Page 847: ...tailed settings of the starting day for time range type year must be the year after 2013 month 1 12 day 1 31 hour 0 23 e g sys daylightsave s 2014 3 10 12 d year month day hour Set the detailed settings of the ending day for time range type year After 2013 month 1 12 day 1 31 hour 0 23 e g sys daylightsave d 2014 9 10 12 y month th weekday day in week hour Set the detailed settings of the starting...

Page 848: ...a am mp pl le e sys dnsCacheTbl l DNS Cache Table List sys dnsCacheTbl t 65 Set TTL limit 65 seconds When TTL larger than 65s delete the DNS entry in the router s DNS cache tabl e T Te el ln ne et t C Co om mm ma an nd d s sy ys s s sy ys sl lo og g This command is used to configure S Sy yn nt ta ax x sys syslog a enable command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parame...

Page 849: ...Server IP Set IP Address for SMTP server o SMTP Server Port Set port number for SMTP server a Mail Address Set E maiil address for alert mail reciver r Mail Address Set E mail Address for mail return s 0 1 Enable disable the function of Use SSL 0 Disable 1 Enable h 0 1 Enable disable SMTP Authentication 0 Disable 1 Enable u Username Set username for SMTP Authentication p Password Set password for ...

Page 850: ...x sys time server domain sys time inquire sys time show sys time zone index S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description domain Type the domain name of the time server The maximum length is 39 characters index Different number means different time zone 1 GMT 12 00 Eniwetok Kwajalein 2 GMT 11 00 Midway Island Samoa 3 GMT 10 00 Hawaii 4 GMT 09 00 Alaska 5 GMT 08 00 Paci...

Page 851: ... Muscat 46 GMT 04 00 Baku Tbilisi 47 GMT 04 30 Kabul 48 GMT 05 00 Ekaterinburg 49 GMT 05 00 Islamabad Karachi Tashkent 50 GMT 05 30 Bombay Calcutta 51 GMT 05 30 Madras New Delhi 52 GMT 06 00 Astana Almaty Dhaka 53 GMT 06 00 Colombo 54 GMT 07 00 Bangkok Hanoi Jakarta 55 GMT 08 00 Beijing Chongqing 56 GMT 08 00 Hong Kong Urumqi 57 GMT 08 00 Singapore 58 GMT 08 00 Taipei 59 GMT 08 00 Perth 60 GMT 09 ...

Page 852: ...mpatibility T Te el ln ne et t C Co om mm ma an nd d s sy ys s d da as sh hb bo oa ar rd d This command is used to display hide items such as System Information Interface on dashboard S Sy yn nt ta ax x sys dashboard command value sys dashboard show S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description command value The available commands with parameters are listed below means...

Page 853: ...l l This command is used to display current settings for sending test mail E Ex xa am mp pl le e testmail Send out test mail Mail Alert Disable SMTP_Server 0 0 0 0 Mail to Return Path T Te el ln ne et t C Co om mm ma an nd d u up pn np p o of ff f This command can close UPnP function E Ex xa am mp pl le e upnp off UPNP say bye bye T Te el ln ne et t C Co om mm ma an nd d u up pn np p o on n This c...

Page 854: ...age T Te el ln ne et t C Co om mm ma an nd d u up pn np p s se er rv vi ic ce e This command can display the information of the UPnP service UPnP service must be enabled first E Ex xa am mp pl le e upnp on UPNP start upnp service SERVICE TABLE1 serviceType urn schemas microsoft com service OSInfo 1 serviceId urn microsoft com serviceId OSInfo1 SCPDURL upnp OSInfo xml controlURL OSInfo1 eventURL OS...

Page 855: ...ey 1 expireTime 6926 active 1 DeliveryURLs http 192 168 1 113 2869 upnp eventing twtnpnsiun 2 serviceType urn schemas upnp org service WANCommonInterfaceConfig 1 Subscribtion1 sid d9cd47a5 d9c9 4d3d 8043 d03a82f27983 eventKey 1 ToSendEventKey 1 T Te el ln ne et t C Co om mm ma an nd d u up pn np p t tm mp pv vs s This command can display current status of temp Virtual Server of your router E Ex xa...

Page 856: ... le e upnp wan 1 use wan1 now T Te el ln ne et t C Co om mm ma an nd d u us sb b l li is st t This command is use to display the information about the brand name and model name of the USB modems which are supported by Vigor router E Ex xa am mp pl le e usb list Brand Module Standard Aiko Aiko 83D 3 5G Y BandRich Bandluxe C170 3 5G Y BandRich Bandluxe C270 3 5G Y BandRich Bandluxe C321 3 5G Y BandR...

Page 857: ...ter Description add Add a new user profile Rm Delete an existed user profile enable Enable a user profile disable Disable a user profile list Display all of the user profile index It means the index number of the user profile There are 16 profiles allowed to be configured So the range of such option is 1 16 Username Type a text maximum 11 characters as the username for the user profile Password Ty...

Page 858: ... IPv6 w WAN_idx WAN_idx Indicate the WAN interface 1 WAN1 2 WAN2 3 WAN3 4 WAN4 l LAN_idx LAN_idx Indicate the LAN interface 1 LAN1 2 LAN2 3 LAN3 4 LAN4 e 0 1 Enable 1 or disable 0 the Vigor Bridge for WAN or and LAN f 0 1 Enable 1 or disable 0 the firewall functions E Ex xa am mp pl le e vigbrg set v 4 w 1 l 1 e 1 WAN1 IPv4 bridge is enable Set subnet LAN1 T Te el ln ne et t C Co om mm ma an nd d ...

Page 859: ...e modem change from ADSL router into bridge modem including index number MAC address Stamp Time PVC VLAN port for Vigor Bridge Function E Ex xa am mp pl le e vigbrg wanstatus Vigor Bridge Running WAN mac table Index MAC Address Stamp Time PVC VLan Port T Te el ln ne et t C Co om mm ma an nd d v vi ig gb br rg g w wl la an ns st ta at tu us s This command can display the existed WLAN connection sta...

Page 860: ... el ln ne et t C Co om mm ma an nd d v vl la an n o of ff f This command allows you to disable VLAN function S Sy yn nt ta ax x vlan off E Ex xa am mp pl le e vlan off VLAN is Disable Force subnet LAN2 3 4 to be disabled T Te el ln ne et t C Co om mm ma an nd d v vl la an n o on n This command allows you to enable VLAN function S Sy yn nt ta ax x vlan on E Ex xa am mp pl le e vlan on VLAN is Enabl...

Page 861: ...display current status for VLAN S Sy yn nt ta ax x vlan status E Ex xa am mp pl le e vlan status VLAN is Enable VLAN Enable VID Pri p1 p2 p3 p4 s1 s2 s3 s4 subnet 0 OFF 0 0 1 LAN1 1 OFF 0 2 1 LAN1 2 OFF 0 0 1 LAN1 3 OFF 0 0 V V V 1 LAN1 4 OFF 0 0 1 LAN1 5 OFF 0 0 1 LAN1 6 OFF 0 0 1 LAN1 7 OFF 0 0 1 LAN1 Note they are only untag for s1 s2 s3 s4 but they can join tag vlan with lan ports Permit untag...

Page 862: ...ns to display if submode is normal mode or promiscuous mode E Ex xa am mp pl le e vlan submode status vlan subnet mode normal mode vlan submode on vlan subnet mode modified to promiscuous mode vlan submode status vlan subnet mode promiscuous mode T Te el ln ne et t C Co om mm ma an nd d v vl la an n t ta ag gg ge ed d This command is used to enable or disable the incoming of untagged packets S Sy ...

Page 863: ... as the VLAN ID number The range is form 0 to 4095 E Ex xa am mp pl le e vlan vid 1 4095 VLAN1 vid 4095 T Te el ln ne et t C Co om mm ma an nd d v vl la an n s sy ys sv vi id d This command is used to modify and show the scope reserved 78 of the VLAN IDs used internally by the system S Sy yn nt ta ax x vlan sysvid show n S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description sh...

Page 864: ...tact sip change_me 192 168 1 1 Max Forwards 70 supported 100rel replaces User Agent DrayTek UA 1 2 3 DrayTek Vigor2910 Allow INVITE ACK CANCEL OPTIONS BYE INFO REFER NOTIFY PRACK Content Type application sdp Content Length 264 v 0 o change_me 5972727 56415 IN IP4 192 168 1 1 T Te el ln ne et t C Co om mm ma an nd d v vo oi ip p d di ia al lp pl la an n This command allows users to set phone book s...

Page 865: ...parameter The available commands with parameters are listed below d number Specify the speed dial number c url Contact SIP URL l max 59 characters n name Contact name max 23 characters a enable Enable disable the specify entry m mode Specify backup number mode 0 none 2 PSTN b number Spedify the backup number o acc num Specify the dial out account 0 default 1 acc1 2 acc2 12 acc12 z enable Enable di...

Page 866: ...r disable the local calls 1 enable 0 disable E Ex xa am mp pl le e voip dialplan phonebook 1 d 1125 voip dialplan region l 8 voip dialplan region v Your Setting for Regional Regional Function is Enable Return the Last Miss Call 20 Return the Last Incoming Call 12 Return the Last Outgoing Call 1 Hotkey to enable call forwarding all function 0 Hotkey to enable call forwarding busy function 90 Hotkey...

Page 867: ...t ti io on n Parameter Description voip dsp countrytone channel value This command allows users to set the region for the tone settings Different regions usually need different tone settings Channel 1 or 2 Value displayed as follows 2 UK 3 USA 4 Denmark 5 Italy 6 Germany 7 Netherlands 8 Portugal 9 Sweden 10 Australia 11 Slovenia 12 Czech 13 Slovakia 14 Hungary 15 Switzerland 16 France 17 Malta voi...

Page 868: ... 1 or FXS 2 1 FXS 1 2 FXS 2 value 1 10 The larger the number is the louder the volume will be voip dsp spkgain channel Adjust the volume of speaker by entering number from 1 10 for FXS 1 or FXS 2 1 FXS 1 2 FXS 2 value 1 10 The larger the number is the louder the volume will be voip dsp jb port Set the size of jitter buffer Available settings are 0 FXS1 and 1 FXS2 mode Available settings are Fixed ...

Page 869: ...uency Level 0 100 Power level for dtmf frequency in 0 3 dB steps 0 map to 0dB 1 map to 0 3dB 100 map to 30dB voip dsp cwtonepwr ch Set the call waiting tone power level 1 FXS 1 2 FXS 2 value 1 30 in 1 dB increments with 1 corresponding to 8 dBm voip dsp pstnringfxs 1 2 Enable or disable PSTN ring on FXS 1 FXS 2 1 meansFXS1 2 means FXS2 on off On means enable off means disable voip dsp relaydbounce...

Page 870: ...xoCY value It is used to apply FXO country settings 0 use system country 1 Taiwan 2 Germany 3 Sweden 4 France 5 Switzerland 6 Holland 7 Finland 8 Denmark 9 UK 10 Australia 12 Italy 14 Red_China 15 Singapore 17 Spain 18 Portugal 20 Poland 21 Czech 22 Hungary 23 Slovenia 25 Slovakia 37 Brasil 61 US voip dsp setfxoringl value It is used to configure detection ring voltage threshold to apply to FXO Av...

Page 871: ...K 3 USA 4 Denmark 5 Italy 6 Germany 7 Netherland s 8 Portugal 9 Sweden 10 Australia 11 Slovenia 12 Czech 13 Slovakia 14 Hungary 15 Switzerland 16 France 17 Malta Channel 1 current country tone user defined Dial tone Feq1 425 Feq2 0 OneOn 0 Off 0 TwoOn 0 TwoOff 0 Ringing tone Feq1 425 Feq2 0 OneOn 1500 OneOff 3000 TwoOn 0 TwoOff 0 Busy tone Feq1 425 Feq2 0 OneOn 200 OneOff 200 TwoOn 0 TwoOff 0 Chan...

Page 872: ...tion of single codec 1 means to Enable the function of single codec voip rtp dtmf index mode payloadtype value Set the DTMF mode and Payload type for DTMF Index SIP account index number Available number 1 12 Mode Four options to be selected 0 Inband 1 Outband 2 SIP INFO cisco 3 SIP INFO nortel Payloadtype Available settings 96 127 Value Type 0 3 or 96 127 based on the mode specified For example vo...

Page 873: ...scription voip sip acc Allows users to set SIP account n n 1 to 12 It means the index number of the VoIP settings P profile It means the name of the account profile maximum 11 characters r reg mode Set registration mode for SIP account 0 none 1 auto 2 wan1 only 3 wan2 only 4 lan vpn 5 PVC 6 wan3 only 7 wan4 only 8 wan1 first 9 wan2 first 10 wan3 first 11 wan4 first o port Set the port number for s...

Page 874: ...IP URL for call forwarding max 63 characters t sec Set call forwarding timer For example voip sip acc 1 t 30 g port Set the ring port for incoming call For example Port r1 means FXS1 r2 means FXS2 z pattern Set account ring pattern 1 6 i enable Remove all bindings while they are un registered 0 means Disable and 1 means Enable B enable Enable disable the function of Broadsoft Call Control 0 disabl...

Page 875: ...nable disable the function of calling line identification restriction CLIR 0 disable 1 enable u mode Set CLIR mode 0 means draft ietf sip privacy 1 means rfc 3323 3325 z enable Enable disable playing dial tone when registered on sip server 0 disable 1 enable n enable Enable disable session timer 0 disable 1 enable m sec Set the value for session timer unit sec R min max Set the flash hook time ran...

Page 876: ...nt identifies itself with a string this command allows you to set the value e g IP address phone number e mail address of User Agent The length of the string must be less than 64 characters D disable Disable VoIP Service 1 disable VoIP service 0 enable VoIP service System will automatic reboot to activate voip service v View current status for miscellaneous settings voip sip nat Allows users to se...

Page 877: ... nt ta ax x voip secure general command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description voip secure general e Enable disable secure phone feature 0 disable 1 enable voip secure general p Enable disable SAS voice prompt 0 disable 1 enable voip secure general v view only secure phone general settings E Ex xa am mp pl le e voip secure general v secure phone featur...

Page 878: ...chosen DH group for aggressive mode pfs It means perfect forward secrete on off It means to turn on or off the PFS function phase1 It means phase 1 of IKE lifetime It means the lifetime value in second for phase 1 and phase 2 phase2 It means phase 2 of IKE E Ex xa am mp pl le e VPN l2lset 1 peerid 10226 T Te el ln ne et t C Co om mm ma an nd d v vp pn n d di in ns se et t This command allows users...

Page 879: ...ord Idle Timeout 300 sec vpn dinset 1 on set profile active vpn dinset 1 motp on Enable Mobile OTP mode vpn dinset 1 pin_secret 1234 e759bb6f0e94c7ab4fe6 vpn dinset 1 Dial in profile index 1 Profile Name Status Active Mobile OTP Enabled PIN 1234 Secret e759bb6f0e94c7ab4fe6 Idle Timeout 300 sec T Te el ln ne et t C Co om mm ma an nd d v vp pn n s su ub bn ne et t This command allows users to specif...

Page 880: ... index name l2tp_out ip usr pwd nip nmask Command of Dial In vpn setup index name dialin ip usr pwd key nip nmask S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description For PPTP Dial Out index It means the index number of the profile name It means the name of the profile ip It means the IP address to dial to usr pwd It means the user and the password required for the PPTP conne...

Page 881: ... the password required for the PPTP L2TP connection key It means the value of IPsec Pre Shared Key nip nmask It means the remote network IP and the mask e g vpn setup 1 name1 dialin 1 2 3 4 vigor 1234 abc 192 168 1 0 255 255 255 0 E Ex xa am mp pl le e vpn setup 1 name1 dialin 1 2 3 4 vigor 1234 abc 192 168 1 0 255 255 255 0 Profile Change Log Profile Index 1 Profile Name name1 Username vigor Pass...

Page 882: ...e It means Always on and Idle Time out Available values include 1 it means always on for dial out 0 it means always on for dial in Other numbers e g idle 200 idle 300 idle 500 mean the router will be idle after the interval seconds configured here palive It means to enable PING to keep alive 1 disable the function 1 2 3 4 Enable the function and PING IP 1 2 3 4 to keep alive For Dial Out Settings ...

Page 883: ...E Local ID ikeid vigor means Set Local ID vigor For Dial In Settings itype It means Allowed Dial In Type Available settings include itype t means PPTP itype s means IPSec itype L1 means L2TP None itype L1 means L2TP Nice to Have itype l2 means L2TP Must peer It means specify Peer VPN Server IP for Remote VPN Gateway Type 203 12 23 48 means to allow VPN dial in with IP address of 203 12 23 48 Type ...

Page 884: ...t Route mode mode n means to set NAT mode droute It means to Change default route to this VPN tunnel Only single WAN supports this droute on off means to enable disable the function E Ex xa am mp pl le e vpn option 1 idle 250 Change Log Idle Timeout 250 T Te el ln ne et t C Co om mm ma an nd d v vp pn n m mr ro ou ut te e This command allows users to list add or delete static routes for a certain ...

Page 885: ...profile com It means to list common settings of the specified profile out It means to list dial out settings of the specified profile in It means to list dial in settings of the specified profile net It means to list Network Settings of the specified profile index It means the index number of the profile Available index numbers 1 32 E Ex xa am mp pl le e vpn list 32 all Common Settings Profile Nam...

Page 886: ... Sy yn nt ta ax x vpn remote PPTP IPSec L2TP on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description PPTP IPSec L2TP There are four types to be selected on off on enable VPN remote setting off disable VPN remote setting E Ex xa am mp pl le e vpn remote PPTP on Set PPTP VPN Service On Please restart the router T Te el ln ne et t C Co om mm ma an nd d v vp pn n 2 2n nd ds s...

Page 887: ...me Member SrcIp A B DstI p A B DstPort A B Proto Frag vpn trunk bind insert After_BindIndex ACT TrunkName Member SrcIp A B DstIp A B DstPort A B Proto Frag vpn trunk SetGre show Dialout_Index vpn trunk SetGre Active In active Dialout_Index GRE_MyIP GRE_PeerIP Logical_Traffic vpn trunk An_Gre GreIPsecAnalyze ON OFF S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show_usab...

Page 888: ...the speed must be based on given ratio Member 1 Inidcate the first LAN to LAN profile Member 2 Indicate the second LAN to LAN proifle lb algorithm name Fastest Such command is to configure the algorithm with fastest mode of Load Balance Most of traffics will be led to the channel with the fastest connection name Specify the name of the VPN trunk bind usage BindIndex Display detailed information fo...

Page 889: ... 1 255 DstPort A B Specify the destination port range 1 65535 Proto Specify the protocol 0 any 1 ICMP 2 IGMP 6 TCP 17 UDP 255 TCP UDP Frag ON means to bind the fragmented packet OFF means not to care It is the default setting SetGre show Dialout_Index Display the GRE over IPSec settings in specified LAN to LAN profile Dialout_Index Index number of the LAN to LAN dial out profile SetGre Active In a...

Page 890: ...OFF VPN Load Balance Tunnel Bind Table Index 1 detail Action ACTIVE Trunk Profile 000 Name comp Binding Dial Out Index 2 Binding Src IP 192 168 10 1 192 168 10 2 Binding Dest IP 192 168 99 1 192 168 99 254 Binding Dest Port 1 65535 Binding Fragmented NO Binding Protocol ANY Protocol T Te el ln ne et t C Co om mm ma an nd d v vp pn n N Ne et tB Bi io os s This command allows users to enable or disa...

Page 891: ...S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show It means to display current setting status default TCP maximum segment size for all the VPN connection will be set as 1360 bytes set Use it to specify the connection type and value of MSS connection type 1 4 represent various type 1 PPTP 2 L2TP 3 IPSec 4 L2TP over IPSec TCP maximum segment size range Each type has diff...

Page 892: ... ax x vpn Multicast set H2l L2l index Block Pass S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description H2l L2l H2l means Host to LAN Remote Access User Accounts L2l means LAN to LAN Profile index The index number of the profile Block Pass Set Block Pass the Multicast Packets The default is Block E Ex xa am mp pl le e vpn Multicast set L2l 1 Pass Lan to Lan Profile Index 1 Stat...

Page 893: ...NAT off the packets cannot pass through NAT E Ex xa am mp pl le e vpn pass2nat on Packets would go through by NAT when VPN disconnect T Te el ln ne et t C Co om mm ma an nd d v vp pn n s sa am me eS Su ub bn ne et t This command allows users to build VPN between clients via virtual subnet S Sy yn nt ta ax x vpn sameSubnet i value vpn sameSubnet E 0 1 vpn sameSubnet e value vpn sameSubnet I xxx xxx...

Page 894: ...u WAN interface number MRU size S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description WAN interface number Type a number to represent the physical interface For Vigor130 the number is 1 which means WAN1 MRU size It means the number of PPP LCP MRU The available range is from 1400 to 1600 E Ex xa am mp pl le e wan ppp_mru 1 Now 1492 wan ppp_mru 1 1490 wan ppp_mru 1 Now 1490 wan ...

Page 895: ...ta ax x wan dns wan_no dns_select ipv4_addr S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description wan_no Select WAN interface 1 WAN1 2 WAN2 dns_select Specify primary and or secondary DNS server pri It means primary DNS server sec It means secondary DNS server ipv4_addr Type the IP address of DNS server E Ex xa am mp pl le e wan dns 1 pri 168 95 1 1 Set WAN1 primary DNS done N...

Page 896: ...able or disable the function of WAN forwarding The packets are allowed to be transmitted between different WANs S Sy yn nt ta ax x wan forward on wan forward off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on off It means to enable or disable WAN forward E Ex xa am mp pl le e wan forward WAN forwarding is Disable wan forward on WAN forwarding is enable T Te el ln ne ...

Page 897: ...ing wan modem paponly on off wan modem backup_wait value wan modem pipe Int Din Dout for USB WAN3 only wan modem wakeup on off value for USB WAN3 only wan modem vid id wan modem pid id wan modem status S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description init Set initial modem AT command default value is AT FE0V1X1 D2 C1S0 0 Init2 Set the second initial modem AT command dial ...

Page 898: ...st Fail Message Current Connect Stage T Te el ln ne et t C Co om mm ma an nd d w wa an n w wi im ma ax x This command allows you to enable or disable WAN 3G 4G DHCP mode for Vigor router S Sy yn nt ta ax x wan wimax on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description On It means to enable WAN 3G 4G DHCP mode off It means to disable WAN 3G 4G DHCP mode E Ex xa am mp pl...

Page 899: ...disable 1 enable h hour Set the refresh hour m 0 1 2 Set SMS quota refresh mode 0 None 1 monthly 2 periodically n number Set SMS quota The avaible number is between 1 and 1000000 s 0 1 Set whether to stop sending SMS after SMS quota exceeded 0 no 1 yes read Display information of an SMS in the LTE SIM card by specifying the index number Use all to display all reboot Set settings of Reboot on SMS M...

Page 900: ...hether to reply with Router system uptime 0 no 1 yes v 0 1 Set whether to reply with Router firmware version 0 no 1 yes x number Set the first phone number in Access Control List y number Set the second phone number in Access Control List z number Set the third phone number in Access Control List send Send an SMS message to the specified phone number through the LTE SIM card stus Display status of...

Page 901: ... detection default always_on Disable link detect always connected only support static IP target Set the ping target Target2 Set the secondary ping target Target_gw Set whether to use gateway as ping target 1 yes 0 no Note that USB WAN PPP mode cannot support PING gateway ip addr It means the IP address used for detection Type an IP address in this field ttl It means to set the ping TTL value work ...

Page 902: ...able Disable for each WAN to join auto load balance member S Sy yn nt ta ax x wan lb wan1 wan2 on wan lb wan1 wan2 off wan lb status S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description wan1 wan2 Specify which WAN will be applied with load balance on Make WAN interface as the member of load balance off Cancel WAN interface as the member of load balance status Show the current...

Page 903: ... channel clear It means to turn off clear the port tag tag_no It means to tag a number for the VLAN 1 No need to add tag number 1 4095 Available setting numbers used as tagged number service type It means to specify the service type for VLAN 0 Normal 1 IGMP vlan priority It means to specify the priority for the VALN setting Range is from 0 to 7 px It means LAN port Available setting number is from...

Page 904: ... Channel 8 uplink ifno 3 Channel 9 uplink ifno 3 T Te el ln ne et t C Co om mm ma an nd d w wa an n v vl la an n This command allows you to configure the VLAN tag of WAN1 or WAN2 S Sy yn nt ta ax x wan vlan wan tag value wan vlan wan enable disable wan vlan stat S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description wan Specify which WAN interface will be tagged tag value Type ...

Page 905: ...e VLAN tag stat Display the setting status E Ex xa am mp pl le e wan phyvlan wan 1 tag 22 Set physical port tag to 22 for WAN1 Set physical port tag to 22 for WAN1 You need to reboot router making config effective DrayTek wan phyvlan stat Interface Pri Tag Enabled WAN1 0 22 WAN2 0 0 T Te el ln ne et t C Co om mm ma an nd d w wa an n b bu ud dg ge et t This command allows you determine the data tra...

Page 906: ...ction bitmap Type a total number of actions to be executed Different numbers represent different actions 1 shotdown wan 2 send mail alert 4 send sms alert For example if you type 5 5 1 4 the system will send SMS alert when WAN shotdown is detected status Display current configuration status of WAN budget E Ex xa am mp pl le e wan budget wan 1 action 5 WAN 1 budget action set to 5 wan budget wan 1 ...

Page 907: ...ress IPv6 address Type the IPv6 address of the target s base_size Specify the size of MTU base_size Available setting is 1000 1500 E Ex xa am mp pl le e wan detect_mtu6 w 2 i 2404 6800 4008 c06 5e s 1500 T Te el ln ne et t C Co om mm ma an nd d f fa ai il lo ov ve er r This command is used to configure failover WAN S Sy yn nt ta ax x wan failover off index wan failover on 1 2 3 4 5 6 wan failover ...

Page 908: ...hold Traffic Download Threshold 50 Kbps Traffic Upload Threshold 20 Kbps wan failover show 3 wan3 Active Mode Always ON T Te el ln ne et t C Co om mm ma an nd d h hs sp po or rt ta al l s se et tu up p This command is used to configure a profile Hotspot Web Portal with specified URL for accessing into or display a message when a wireless LAN user connects to Internet through this router S Sy yn nt...

Page 909: ...Number of profile 1 2 3 4 o Clear profiles for all clients E Ex xa am mp pl le e hsportal p 1 c Reset profile 1 OK hsportal p 1 r 0 Profile 1 set landing page mode 0 OK hsportal p 2 g 1 k app_key_google Profile 2 set google login enabled OK Profile 2 set API KEY OK T Te el ln ne et t C Co om mm ma an nd d h hs sp po or rt ta al l i in nf fo o This command is used to enable disable database notific...

Page 910: ...AC wl acl mode ssid1 ssid2 ssid3 ssid4 white black wl acl show wl acl showmode wl acl clean S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description enable ssid1 ssid2 ssid3 ssid4 It means to enable the settings for SSID1 SSID2 SSID3 and SSID4 disable ssid1 ssid2 ssid3 ssid4 It means to disable the settings for SSID1 SSID2 SSID3 and SSID4 add MAC ssid1 ssid2 ssid3 ssid4 isolate I...

Page 911: ...figure general settings and security settings for wireless connection S Sy yn nt ta ax x wl config mode value wl config mode show wl config channel number wl config preamble enable wl config txburst enable wl config ssid ssid_num enable ssid_name hidden_ssid wl config security SSID_NUMBER mode wl config ratectl ssid_num enable upload download wl config isolate ssid_num lan member S Sy yn nt ta ax ...

Page 912: ...SSID4 mode Available settings are disable No security wpa1x WPA 802 1x Only wpa21x WPA2 802 1x Only wpamix1x Mixed WPA WPA2 802 1x only wep1x WEP 802 1x Only wpapsk WPA PSK wpa2psk WPA2 PSK wpamixpsk Mixed WPA WPA2 PSK wep WEP key index Moreover you have to add keys for wpapsk wpa2psk wpamixpsk and wep and specify index number of schedule profiles to be followed by the wireless connection WEP keys...

Page 913: ...d d w wl l s se et t This command allows users to configure basic wireless settings S Sy yn nt ta ax x wl set SSID CHAN En wl set txburst enable S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description SSID It means to type the SSID for the router The maximum character that you can use is 32 CHAN En It means to specify required channel for the router CHAN The range for the number...

Page 914: ...wl scan show 0 1 2 3 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description start It means to start AP scanning set wlist blist stime MAC Set white list block list scan time wlist It means to set white list for passing MAC address must be added in the end e g wl scan set wlist 001122aabbcc blist It means to set black list for blocking MAC address must be added in the end stime ...

Page 915: ...enable disable the station management control ssid_num It means channel selection Available channel for 2 4G 0 1 2 3 Available channel for 5G 4 5 6 7 show It means to display status or configuration of the selected channel c It means connection time The unit is minute r It means reconnection time The unit is minute E Ex xa am mp pl le e wl stamgt enable 1 Station Management Status enabled wl stamg...

Page 916: ...PA2 Only 3 means WPA Only E Ex xa am mp pl le e wl wpa 1 T Te el ln ne et t C Co om mm ma an nd d w wl l w wm mm m This command allows users to set WMM for wireless connection It defines the priority levels for four access categories derived from 802 1d prioritization tabs S Sy yn nt ta ax x wl wmm ap QueIdx Aifsn Cwmin Cwmax Txop ACM wl wmm bss QueIdx Aifsn Cwmin Cwmax Txop ACM wl wmm ack Que0_Ac...

Page 917: ... ACM It can restrict stations from using specific category class if it is enabled 0 disable 1 enable E Ex xa am mp pl le e wl wmm ap 0 3 4 6 0 0 QueIdx 0 APAifsn 3 APCwmin 4 APCwmax 6 APTxop 0 APACM 0 wl wmm enable 1 0 1 0 WMM_SSID0 1 WMM_SSID1 0 WMM_SSID2 1 WMM_SSID3 0 wl wmm show Enable WMM SSID0 1 SSID1 0 SSID2 1 SSID3 0 APSD 0 QueIdx 0 APAifsn 3 APCwmin 4 APCwmax 6 APTxop 0 APACM 0 QueIdx 1 AP...

Page 918: ... for GI_800 and 1 for GI_4001 wl ht badecline value The value you can type is 0 for disabling and 1 for enabling wl ht autoba value The value you can type is 0 for disabling and 1 for enabling wl ht rdg value The value you can type is 0 for disabling and 1 for enabling wl ht msdu value The value you can type is 0 for disabling and 1 for enabling wl ht txpower value The value you can type ranges fr...

Page 919: ...ttings are d Disable b Bridge r Repeapter security value It means to configure security mode with encrypted keys for WDS mode Available settings are disable No security wep WEP wpapsk key WPA PSK wpa2psk key WPA2 PSK key Moreover you have to add keys for wpapsk wpa2psk and wep and specify index number of schedule profiles to be followed by the wireless connection WEP keys must be in 5 13 ASCII tex...

Page 920: ...pcli show wl apcli enable 1 0 wl apcli security mode wl apcli ssid ssid_name wl apcli bssid mac address S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show Display current status of wireless AP client enable 1 0 It means to enable wireless 2 4GHz AP client mode 1 enable 0 disable security mode There are several modes to be selected Disable disable the security settings ...

Page 921: ...his command allows you to enable or disable wireless button control S Sy yn nt ta ax x wl btnctl value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description value 0 disable 1 enable E Ex xa am mp pl le e wl btnctl 1 Enable wireless botton control Current wireless botton control is on T Te el ln ne et t C Co om mm ma an nd d w wl l i iw wp pr ri iv v These command is reserved f...

Page 922: ... 802 1X type is Local 802 1X T Te el ln ne et t C Co om mm ma an nd d w wl l b bn nd ds st tr rg g This command allows users to configure settings for Band Steering 2 4GHz S Sy yn nt ta ax x wl bndstrg show wl bndstrg enable 1 0 wl bndstrg chk_time value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show Display current status for Band Steering function enable 1 0 It m...

Page 923: ...e Set a threshold when the active station number achieves this number the airtime fairness function will be applied Available values will be 2 to 64 show Display current status enable or disable and triggering client number for airtime fairness function E Ex xa am mp pl le e wl artfns enable 1 wl artfns trg_num 3 wl artfns show airtime fairness enable trg_num 3 T Te el ln ne et t C Co om mm ma an ...

Page 924: ... dual acl showmode wl dual acl clear S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description enable ssid1 ssid2 ssid3 ssid4 It means to enable the settings for SSID1 SSID2 SSID3 and SSID4 disable ssid1 ssid2 ssid3 ssid4 It means to disable the settings for SSID1 SSID2 SSID3 and SSID4 add MAC ssid1 ssid2 ssid3 ssid4 isolate It means to associate a MAC address to certain SSID inte...

Page 925: ...ress Associated SSIDs 0 s 00 50 70 ff 12 80 ssid1 ssid2 s Isolate the station from LAN T Te el ln ne et t C Co om mm ma an nd d w wl l_ _d du ua al l a ap ps sc ca an n This command is used to scan Access Point installed near the location of Vigor router S Sy yn nt ta ax x wl_dual apscan start wl_dual apscan show S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description start It m...

Page 926: ... ssid_num enable upload download wl_dual config ratectl show wl_dual config isolate lan ssid_num enable wl_dual config isolate member ssid_num enable wl_dual config isolate vpn ssid_num enable wl_dual config isolate show S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description enable value It means to enable disable the 5GHz wireless function 1 enable 0 disable show It means to d...

Page 927: ... control for data upload The unit is kbps download It means to configure the rate control for data download The unit is kbps example wl dual config ratectl 1 1 25 25 ratectl show It means to display the data transmission rate upload and download for SSID1 SSID2 SSID3 and SSID4 isolate lan ssid_num enable It means to isolate the wireless connection from LAN It can make the wireless clients stations...

Page 928: ...urity settings for the wireless connection 5GHz S Sy yn nt ta ax x wl_dual security SSID_NUMBER mode key index wl_dual security show S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Security SSID_NUMBER mode key index SSID_NUMBER Type 1 2 3 or 4 to specify SSID1 SSID2 SSID3 or SSID4 mode Available settings are disable No security wpa1x WPA 802 1x Only wpa21x WPA2 802 1x O...

Page 929: ...h accessing Internet via Vigor router S Sy yn nt ta ax x wl dual stalist E Ex xa am mp pl le e wl_dual stalist 5G Wireless Station List Index Status IP Address MAC Address Associated with Status Codes C Connected No encryption E Connected WEP P Connected WPA A Connected WPA2 B Blocked by Access Control N Connecting F Fail to pass WPA PSK authentication T Te el ln ne et t C Co om mm ma an nd d w wl...

Page 930: ...e in 8 63 ASCII text string or 64 Hexadecimal digit format e g wl_dual wds security disable wl_dual wds security wep 12345 wl_dual wds security wpa2psk 12345678 ap value It means to enable or disable the AP function Value 1 enable the function 0 disable the function hello value It means to send hello message to remote end peer Value 1 enable the function 0 disable the function status It means to d...

Page 931: ...lease restart router after you set the parameters T Te el ln ne et t C Co om mm ma an nd d w wl l_ _d du ua al l w wp ps s This command allows users to configure WPS for wireless connection 5GHz S Sy yn nt ta ax x wl_dual wps enable value wl dual wps pbc wl_dual wps pin code wl_dual wps show S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description enable value It means to enable ...

Page 932: ... Indicate the external RADIUS server 1 Indicate the local 802 1x server v View the settings of 802 1x E Ex xa am mp pl le e wl_dual set8021x t 1 Note Please restart 5G wireless after you set the parameters wl_dual set8021x v 802 1X type is Local 802 1X T Te el ln ne et t C Co om mm ma an nd d w wl l_ _d du ua al l a ap pc cl li i This command allows users to configure AP client mode for wireless c...

Page 933: ...he SSID for wireless 5GHz AP client bssid Type the MAC address for wireless 5GHz AP client E Ex xa am mp pl le e wl_dual apcli enable 1 Wireless 5G AP Clinet is enabled Vigor wl_dual apcli show Wireless 5G AP Clinet is enabled Current SSID is Security Mode disable Wireless 5G client is disconnected data rate mode signal 0 wl_dual apcli ssid carrie Note Please restart wireless 5g after you set the ...

Page 934: ...d du ua al l d dr ra ay yr rs s This command allows the user to configure settings for Roaming for wireless clients S Sy yn nt ta ax x wl_dual drayrs set mode rs_low rs_low_security delta wl_dual drayrs restart wl_dual drayrs show S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description set mode rs_low rs_low_security delta Select a mode for roaming 0 disable 1 Strictly Minimum R...

Page 935: ...5 Default value is 1812 set_auth_method method idx Specify which method will be used for authentication Method idx 0 is Only PAP 1 is PAP CHAP MS CHAP MS CHAPv2 client add Specify a client to be authenticated by RADIUS server by typing required information as follows i address client IPv4 address domain m mask client IPv4 mask p prefix client IPv6 prefix l length client IPv6 prefix length s secret...

Page 936: ... server built in Vigor router S Sy yn nt ta ax x local_8021x enable 0 1 local_8021x set_localdot1x_phase1 options local_8021x set_localdot1x_phase2 options local_8021x show S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description enable Enable or disable the configuration 0 disable 1 enable set_localdot1x_phase1 Only support PEAP now The method_idx for such phase1 is 1 set_locald...

Page 937: ...ost If you want to wake up LAN host by using IP address be sure that that IP address has been bound with the MAC address IP BindMAC on off any It means to enable or disable the function of WOL from WAN on enable off disable any It means any source IP address can pass through NAT and wake up the LAN client This command will allow the user to choose whether WoL packets can be passed from the Interne...

Page 938: ...o pass l all l userl l ip Show online user all all of the users will be displayed on the screen user name type the user name that you want to view on the screen ip type the IP address that you want to view on the screen o It means to show user account information e g o c user name c all Clear the user record user name type the user name that you want to get clear corresponding record all all of th...

Page 939: ... g q 200 r It means to set data quota e g r 1000 w It means to specify the data quota unit MB GB e g w MB s It means to set schedule index Available settings are sch_idx1 sch_idx2 sch_idx3 and sch_idx4 m It means to set the maximum login user number e g m 200 x It means to set external server authentication 0 None 1 LDAP 2 Radius 3 TACAS e g x 2 v It means to view user profile s User account USER_...

Page 940: ...able and untraceable based on their properties v It means to view the content of all traceable APs Use appqos traceable v to display all of the traceable APS with speficed index number Use appqos untraceable v to display all of the untraceable APS with speficed index number e It menas to enable QoS for application s and assign QoS class AP_INDEX Each index number represents one application Index n...

Page 941: ...e el ln ne et t C Co om mm ma an nd d a ap pm m e en na ab bl le e d di is sa ab bl le e s sh ho ow w c cl le ea ar r d di is sc co ov ve er r q qu ue er ry y The apm command s is use to display remove discover or query the information of VigorAP registered to Vigor2926 S Sy yn nt ta ax x apm enable apm disable apm show apm clear apm discover apm query S Sy yn nt ta ax x D De es sc cr ri ip pt ti ...

Page 942: ...ed reset It is used to reset to factory settings for WLAN profile summary It is used to list all of the APM profiles with required information show It is used to display specified APM profile apply It is used to apply the selected APM profile onto specified VigorAP from index Type an index number in this field It is the original APM profile to be cloned to other APM profile to index Type an index ...

Page 943: ...le e apm cache show MAC Name Auth T Te el ln ne et t C Co om mm ma an nd d a ap pm m l lb bc cf fg g This command allows to set parameters related to AP management control S Sy yn nt ta ax x apm lbcfg set value apm lbcfg show S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description set It means to set the load balance configuration file for APM Show It shows the configuration val...

Page 944: ... the unit of traffic limit for upload 1 Mbps 0 kbps 10 The tenth number means to determine the unit of traffic limit for download 1 Mbps 0 kbps E Ex xa am mp pl le e apm lbcfg show apm LoadBalance Config 1 Enable LoadBalance 0 2 Enable station limit 0 3 Enable traffic limit 0 4 limit Number 64 5 Upload limit 0 6 Download limit 0 7 Enable disassociation by idle time 0 8 Enable disassociation by Sig...

Page 945: ...can show apm napdetect set 1 1 wl scan show 3 Sta Ch SSID BSSID BssType Security Siganl Beacon Period First Detected Last Detected 11 DrayTek LAN B 02 1d aa 4c bd a8 AP Mixed 26 100 11 DrayTek LAN A 00 1d aa 4f bd a8 AP Mixed 42 100 Dec 09 10 35 44 Dec 09 10 35 44 T Te el ln ne et t C Co om mm ma an nd d a ap pm m a ap ps sy ys sl lo og g This command is used to display the AP syslog data coming f...

Page 946: ..._01daa902080 Get Rogue AP Detection Data from AP Success T Te el ln ne et t C Co om mm ma an nd d a ap pm m s st ta an nu um m This command is used to display the total number of the wireless clients no matter what mode of wireless connection 2 4G WLAN or 5G WLAN used by wireless clients to access into Internet through VigorAP S Sy yn nt ta ax x apm stanum AP_Index S Sy yn nt ta ax x D De es sc cr...

Page 947: ...erface Specify the management interface Interface LAN1 LAN6 DMZ s It means to get the newest status of other router except the local router y It means sync local config to other router Primary can executes this command Secondary can not execute this commad c 1 0 Enable or disable the function of Config Sync 1 Enable 0 Disable I M H D interval Set the Config Sync Interval for HA Minimum interval is...

Page 948: ...Method Active Standby Group ID 1 Priority ID 10 Preempt Mode Enable Update DDNS Disable Management Interface LAN1 Authentication Key draytek Syslog OFF Index Enable Virtual IP LAN1 On 192 168 1 0 LAN2 0 0 0 0 LAN3 0 0 0 0 LAN4 0 0 0 0 LAN5 0 0 0 0 LAN6 0 0 0 0 DMZ 0 0 0 0 Index Enable Virtual IPv6 LAN1 On FE80 200 5EFF FE00 101 LAN2 On FE80 200 5EFF FE00 101 LAN3 On FE80 200 5EFF FE00 101 LAN4 On ...

Page 949: ...FE80 200 5EFF FE00 101 ON DMZ FE80 200 5EFF FE00 101 Config Sync Disable Config Sync Interval 0 Day 0 Hour 15 Minute Cached Time 0 s T Te el ln ne et t C Co om mm ma an nd d s sw wm m s sh ho ow w This command is used to display general setting of of VigorSwitch which connecting to Vigor router in LAN S Sy yn nt ta ax x swm show LAN_port S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Paramet...

Page 950: ... T Te el ln ne et t C Co om mm ma an nd d s sw wm m p po os st t This command is used to transfer switch configuration to VigorSwitch which connecting to Vigor router in LAN S Sy yn nt ta ax x swm post MAC S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description MAC Specify the MAC address of the switch E Ex xa am mp pl le e swm post 00507ff0c33c Start post cfg to 00507ff0c33c ex...

Page 951: ...t post cfg to LAN 1 external switch with currect settings post cfg Please wait a few seconds Result OK System will cover the original VLAN settings on your VigorSwitch Please backup the configuration file before you run this function System also will select the physical connect port as trunk port and let it join each VLAN group Before using such command please use swm show to check valid VLAN inde...

Page 952: ...swm group set 1 switchvlan 1 123456 swm group show Index Group Name Passwd Flag Member Switch 1 switchvlan 1 P2261 192 168 1 226 2 0 3 0 4 0 5 0 6 0 7 0 8 0 9 0 10 0 Name IP Address MAC P2261 192 168 1 226 00507ff0c33c T Te el ln ne et t C Co om mm ma an nd d s sw wm m p pr ro of fi il le e This command is used to set switch profile for adding it to be managed by Vigor router or removing it from V...

Page 953: ...show MAC swm detail port MAC PORT FLAG SCHED1 SCHED2 DESCRIPTION S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description MAC COMMENT Modify the comment of VigorSwitch MAC Type the MAC address of the switch COMMENT Type a description for the switch MAC NAME Modify the name of VigorSwitch MAC Type the MAC address of the switch NAME Type a name for the switch MAC PASSWD Modify the ...

Page 954: ...wm maintain show Name IP Address MAC Model P2261 192 168 1 226 00507ff0c33c P2261 swm maintain reset 00507ff0c33c Preparing to reset Please wait for few minutes and do not turn off power T Te el ln ne et t C Co om mm ma an nd d s sw wm m s se ea ar rc ch h This command is used to searh VigorSwitch managed by Vigor router S Sy yn nt ta ax x swm search mac MAC swm search ip IP swm search description...

Page 955: ...Send notification alert action S B Set the action for stop or backup database while ecountering alert event S Stop recording urser information B Backup and clean up all user info and start a new record alert sms IDX Set object for SMS alert notification IDX It menas the index number of availabe object profile Range is 1 64 alert mail IDX Set object for mail alert notification IDX It menas the inde...

Page 956: ...igured available range 1 8 O R N O means orange R means red N means white set idx notif e d Enable disable the notification action for certain profile Idx Indicate profile to be configured available range 1 8 e d Enable disable the mechanism for sending the notification set idx obj object idx object value Set notifiction by SMS or E mail thorugh the object profile selelcted for specified profile I...

Page 957: ...x En Dis Level Color Create Log Send Notification 1 4 1 En No Alert No Color Disable Disable 0 0 0 0 2 En Minor Alert No Color Enable Disable 0 0 0 0 3 En Moderate Alert Orange Enable Disable 1 1 1 1 4 En Major Alert Red Enable Disable 1 1 1 1 5 Dis No Color Disable Disable 1 1 1 1 6 Dis No Color Disable Disable 1 1 1 1 7 Dis No Color Disable Disable 1 1 1 1 8 Dis No Color Enable Disable 1 1 1 1 N...

Page 958: ...address of the VigorSwitch E Ex xa am mp pl le e swm log set type 1 on swm log set level 1 on swm log show weekTotal Logs 0 swm log show filter Index Status Level En Dis 1 on No Alert En 2 off Minor Alert En 3 off Moderate Alert En 4 off Major Alert En 5 off Dis 6 off Dis 7 off Dis 8 off Dis Index Status Type 1 on Port Alert 2 off Switch Alert Index Status Switch Name Model Mac Address T Te el ln ...

Page 959: ...h to display SNMP port interface information E Ex xa am mp pl le e swm snmp sys 00507ff0c33c sysDescr 20 Port 10 100 1000Base T 4 TP 100 1G SFP Combo 2 100 1G SFP Po E L2 Plus Managed Switch sysObjectID 1 3 6 1 4 1 5205 2 61 sysUpTime 24 hr 8 m 46 s sysContact sysName P2261 sysLocation sysServices 3 ifNumber 26 ...

Page 960: ...3 AH 313 Airtime Fairness 257 Always On 64 70 81 83 84 85 86 87 89 91 Anonymous 171 Antenna 253 Antenna Installation 4 AP Discovery 256 AP Maintenance 521 529 AP Map 521 530 APN Name 76 77 79 APP Enforcement 369 APP Enforcement Filter 390 APP Enforcement Profile 391 APP QoS 466 APPE Module Version 395 APPE Signature Upgrade 395 Applications 153 Applied Interfaces 137 Apply the Class Rule 138 APSD ...

Page 961: ...figure via Push Button 247 Connection Management 334 Connection Type 157 Connectivity 57 Country Code 254 CPE Management 504 CSM 390 CSV file 558 560 Current System Time 164 D Dashboard 26 522 Data Coding Scheme 225 Data Filter 364 Data Flow Monitor 609 Data Quota 484 DataType 66 114 Daylight Saving 440 Days in a week 165 Default Lifetime 123 Default MAC Address 69 71 Default Preference 123 Defaul...

Page 962: ...S Account 156 E Each Shared 458 Enable PING to keep alive 70 End IPv6 Address 122 End Port 149 ESP 313 Event Code 425 Event Log 537 Extension WAN 123 External Devices 553 External RADIUS 166 External TACACS 169 F Failover 62 64 Failover to Failback 195 File Explorer 589 File Extension Object 571 Filter Setup 371 Firewall 364 Firmware Upgrade 449 Fixed IP 69 74 Force NAT Force Routing 203 Force Ove...

Page 963: ...Pv4 Mask Length 91 IPv6 Address 87 IPv6 Gateway Address 87 IPv6 Group 563 IPv6 Neighbour Table 604 IPv6 Object 561 IPv6 TSPC Status 616 Isolate 241 ISP Access Setup 67 73 K keep alive 316 Keep Alive Period 426 Keep WAN Connection 70 Keyword Group 570 Keyword Object 568 L LAN 111 LAN DNS DNS Forwarding 153 159 LAN General Setup 113 LAN Port Mirror 133 LAN Routed Prefix 89 LAN to LAN 314 Landing Pag...

Page 964: ...9 Next Server IP Address SIAddr 114 Non temporary Address 86 Notification Object 578 NS Detect 86 O Objects Settings 556 Online Statistics 460 OP Number 281 Open Ports 148 Operation Mode 252 Option Number 66 114 Override user management 137 P P2P 393 Packet OVERDRIVE 253 PAP 306 Password 67 71 73 79 83 84 Password Strength 243 429 Path MTU Discovery 68 71 73 78 80 Peer ID 304 Peer to Peer 267 Phon...

Page 965: ...7 R RADIUS 484 RADIUS TACACS 153 166 Rate Adaptation Algorithm 254 Rate Control 112 237 241 RDP 346 Reboot System 448 Recipient 177 178 Recipient Number 225 Redundancy Method 183 Regional 284 Registering Vigor Router 53 Regular DN 172 Regular Mode 171 Regular Password 172 Relay Agent 115 117 Remote Access Control 305 Remote Dial in User 311 Remote Endpoint IPv4 Address 89 Repeater 248 251 Replace ...

Page 966: ...rt List 594 SMB Path 346 SMS Mail Alert Service 177 SMS Alert 177 SMS Inbox 222 SMS Provider 177 SMS Quota Limit 220 SMS Mail Service Object 573 SNMP 441 Source IP 143 149 151 202 Speaker Gain 289 Specific Hosts 138 Specify Remote Node 312 SPI 365 SSID 237 SSL Application 345 SSL Tunnel 312 SSL VPN 341 SSL Web Proxy 343 Start IP Address 115 117 119 Start IPv6 Address 122 Start Port 149 Static IP 4...

Page 967: ...l Address ULA configuration 121 Update DDNS 184 UPnP 154 174 URL Access Control 399 URL Content Filter 369 390 URL Content Filter Profile 397 URL Redirect 136 USB 46 USB Application 585 USB Device Status 590 USB General Settings 586 USB User Management 587 User Account 347 User Group 351 485 User Management 477 User Online Status 486 User Password 429 User Profile 169 186 480 User Based 478 Userna...

Page 968: ...Bandwidth 461 WAN Interface 143 148 156 WAN IP Alias 69 71 74 WAN IP Network Settings 71 74 WAN Outbound Bandwidth 461 WAN Setup 95 WAN Type 92 93 94 WCF 2 WDS 248 Web Console 32 Web Content Filter 369 390 Web Content Filter Profile 401 Web Feature 400 Web Portal Setup 135 255 WEP 233 243 white black list 244 Wildcard 157 Wired 802 1x 134 Wireless LAN 231 Wireless Wizard 235 Wizard Mode 372 WLAN I...

Reviews:

No comments

Related manuals for Vigor2926

ADTRAN 617600026F1 Quick Start Manual preview
617600026F1
Brand: ADTRAN Pages: 9
ForeScout CounterACT Quick Installation Manual preview
CounterACT
Brand: ForeScout Pages: 28
BSD Networks bsg-0800t User Manual preview
bsg-0800t
Brand: BSD Networks Pages: 7
Aruba IntroSpect Analyzer 2 Series Quick Start Manual preview
IntroSpect Analyzer 2 Series
Brand: Aruba Pages: 5
Kramer RK-10MT Quick Start Manual preview
RK-10MT
Brand: Kramer Pages: 2
AMX NXF Dimensional Drawing preview
NXF
Brand: AMX Pages: 1
Comtrend Corporation AR-5319 User Manual preview
AR-5319
Brand: Comtrend Corporation Pages: 208
Dynamix DV-24 User Manual preview
DV-24
Brand: Dynamix Pages: 87
TRENDnet TEW-671BR Specifications preview
TEW-671BR
Brand: TRENDnet Pages: 3
Ezviz Vault Plus Quick Start Manual preview
Vault Plus
Brand: Ezviz Pages: 38
Waver Smart One WAC52G Quick Start Manual preview
Smart One WAC52G
Brand: Waver Pages: 36
Cabletron Systems TRMIM-10R Installation Manual preview
TRMIM-10R
Brand: Cabletron Systems Pages: 54
Cambium Networks PMP/PTP 450 Series Quick Start Manual preview
PMP/PTP 450 Series
Brand: Cambium Networks Pages: 155
Cambium Networks PTP 250 User Manual preview
PTP 250
Brand: Cambium Networks Pages: 228
Cambium Networks PTP 550 Series User Manual preview
PTP 550 Series
Brand: Cambium Networks Pages: 249
B&B Electronics Elinx EIR408-T Manual preview
Elinx EIR408-T
Brand: B&B Electronics Pages: 19
Westermo RedFox User Manual preview
RedFox
Brand: Westermo Pages: 20
D-Link mydlink DCH-S220 User Manual preview
mydlink DCH-S220
Brand: D-Link Pages: 35

Brands by name

Popular brands

Load more brands