Draytek Vigor3300 Series, User Manual

Page 1: ......

Page 2: ...Vigor3300 Series User s Guide ii Vigor 3300 Series Multi WAN Security Router User s Guide Version 3 0 Date 1 4 2009 ...

Page 3: ...ge without written permission from the copyright holders The scope of delivery and other details are subject to change without prior notice Trademarks The following trademarks are used in this document z Microsoft is a registered trademark of Microsoft Corp z Windows Windows 95 98 Me NT 2000 XP and Explorer are trademarks of Microsoft Corp z Apple and Mac OS are registered trademarks of Apple Inc ...

Page 4: ...atic Mode 15 2 2 2 DHCP Mode 17 2 2 3 PPPoE 19 2 2 4 PPTP 21 3 Advanced Configuration 23 3 1 System setup 23 3 1 1 Status 23 3 1 2 Time 27 3 1 3 Syslog 28 3 1 4 Access Control 29 3 1 5 Configuration Setup 30 3 1 6 Firmware Upgrade Setup 31 3 1 7 Reboot 34 3 1 8 Diagnostic Tools 35 3 2 Network Setup 38 3 2 1 WAN and Internet Access Setup 38 3 2 2 Load Balance Policy 47 3 2 3 Auto Load Balance 49 3 ...

Page 5: ... 7 5 Miscellaneous 134 3 7 6 Tone Settings 136 3 7 7 QoS 138 3 7 8 NAT Traversal 139 3 7 9 Incoming Call Barring 140 3 7 10 Call History 142 3 7 11 Tone Upload 143 3 7 12 Status 144 4 Trouble Shooting 147 4 1 Checking If the Hardware Status Is OK or Not 147 4 2 Checking If the Network Connection Settings on Your Computer Is OK or Not 148 4 3 Pinging the Router from Your Computer 151 4 4 Checking I...

Page 6: ... 1 FXS and FXO 174 5 2 2 Practical Application of FXS card with PBX 177 5 2 3 Practical Application of FXO card with PBX 177 5 2 4 VoIP Basic 178 5 2 5 VoIP Examples 183 5 2 6 Example 1 Basic Configuration and Registration 183 5 2 7 Example 2 Basic Calling Method 190 5 2 8 Example 3 VoIP over VPN 197 5 2 9 Example 4 Practical Application of FXS 203 5 2 10 Example 5 Practical Application of FXO 205...

Page 7: ...you to send data between two computers across a shared public Internet network in a manner that emulates the properties of a point to point private link The DrayTek Vigor3300 Series VPN router supports Internet industry standards technology to provide customers with open interoperable VPN solutions such as X 509 DHCP over Internet Protocol Security IPSec up to 200 tunnels and Point to Point Tunnel...

Page 8: ...rvice Provider The Vigor3300 Series also supports a backup function for WAN interfaces a user can select one WAN interface to be a backup interface If the master interface fails the backup interface will take the place of the master interface immediately Lastly the Vigor3300V has a DMZ function can be applied to any LAN or WAN interface 1 1 1 1 1 1 L LE ED D I In nd di ic ca at to or rs s a an nd ...

Page 9: ...link is established Blinking The data transmission is done through the corresponding port LNK Off No Ethernet link is established On It means that a normal 100Mbps connection is through its corresponding port 100 Off It means that a normal 10Mbps connection is through its corresponding port On It means a full duplex connection on corresponding port WAN DMZ 1 2 3 4 FDX Off It means a half duplex co...

Page 10: ... function is active QoS Off The QoS function is inactive On The Ethernet link is established on corresponding port LNK Off No Ethernet link is established On It means that a normal 100 Mbps connection is through its corresponding port 100M Off It means that a normal 10 Mbps connection is through its corresponding port On It means a full duplex connection on corresponding port WAN 2 3 1 FDX Off It ...

Page 11: ...h its corresponding port On It means a full duplex connection on corresponding port FDX Off It means a half duplex connection on corresponding port Interface Description Console Provided for technician use LAN P1 P4 Connecter for local networked devices WAN DMZ WAN1 WAN3 Connecter for remote networked devices ...

Page 12: ...K Off No Ethernet link is established On It means that a normal 100 Mbps connection is through its corresponding port 100M Off It means that a normal 10 Mbps connection is through its corresponding port On It means a full duplex connection on corresponding port WAN 2 3 1 FDX Off It means a half duplex connection on corresponding port On The Ethernet link is established Blinking The data transmissi...

Page 13: ...vices C Co on nn ne ec ct te er r S Sp pe ec ci if fi ic ca at ti io on n Auxiliary Cables Type Color Connected to Remarks Power Cord Black AC Outlet 90 264VAC Serial Console RS232 Grey PC RS232 port Ethernet LAN RJ 45 Blue Ethernet switch or hub Ethernet DMZ RJ 45 Blue Server Ethernet WAN1 RJ 45 Blue DSL Cable Fiber Modem Ethernet WAN2 RJ 45 Blue DSL Cable Fiber Modem Ethernet WAN3 RJ 45 Blue DSL...

Page 14: ...rts of Vigor3300 5 Connect the other end of the cable RJ 45 to the Ethernet port on your computer that device also can connect to other computers to form a small area network The LAN LED for that port on the front panel will light up 6 Connect a server modem router depends on your requirement to any available WAN port of the device with Ethernet cable RJ 45 The WAN LED will light up 7 Connect tele...

Page 15: ...sole port on the computer The default setting of the console port is baud rate 57600 no parity and 8 bit with 1 stop bit S St ta an nd da ar rd d 1 10 0 1 10 00 0 B Ba as se e T T E Et th he er rn ne et t I In nt te er rf fa ac ce e C Co on nn ne ec ct to or r RJ45 jets provide 10 100 Base T Ethernet interfaces The interface supports MDI MDIX auto detection of either straight or crossover RJ45 cab...

Page 16: ...sis can be installed in a rack by using four screws for each side of the rack D De es sk kt to op p T Ty yp pe e I In ns st ta al ll la at ti io on n Rubber pads are included with the Vigor3300 Series These rubber pads improve the air circulation and decrease unnecessary rubbing on the desktop ...

Page 17: ... have to access into the web browser with default password first 1 Make sure your computer connects to the router correctly Notice You may either simply set up your computer to get IP dynamically from the router or set up the IP address of the computer to be the same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble ...

Page 18: ...Vigor3300 Series User s Guide 12 3 Now the Main Screen will pop up 4 Go to System page and choose Change Password 5 The following screen will appear ...

Page 19: ... Qu ui ic ck k S Se et tu up p Quick Setup is designed for configuring your broadband router accessing Internet with simply steps There are two phases of quick setup one is WAN configuration and the other is LAN configuration In the Quick Setup group you can configure the router to access the Internet with different modes such as Static DHCP PPPoE or PPTP modes For most users Internet access is th...

Page 20: ... you use a DSL subscriber service with a 2Mbps downstream please set the downstream rate setting with 2Mbps Upstream Rate Assign the transmission rate for this WAN interface The default value is 102400 kbps 100 Megabit This setting is very important for Vigor3300 Series outgoing buffer adjustment If you use a DSL subscriber service with a 256Kbps downstream please set the downstream rate setting w...

Page 21: ...mode you will see the following page All the settings here are set by privately Your ISP will not provide these settings IP Address Assign a private IP address to the WAN interface Subnet Mask Assign a subnet mask value to the WAN interface Default Gateway Assign a private IP address to the gateway Primary DNS Assign a private IP address to the primary DNS Secondary DNS Assign a private IP address...

Page 22: ...P server can use for clients in LAN End IP Assign the end IP address of the IP pool that DHCP sever can use for clients in LAN Primary DNS Type the IP address for primary DNS Secondary DNS Assign a private IP address to the secondary DNS Lease Time Min Set a lease time for the DHCP server The time unit is minute Gateway IP Optional Set a gateway IP address for the DHCP server When you finished the...

Page 23: ...in Name are required for some ISPs Simply click Next to setup LAN interface IP Address Assign an IP address for the LAN interface Subnet Mask Assign the subnet mask for the LAN interface Status Click Enable to use DHCP server click Disable to close DHCP server click Relay Agent to activate relay agent function Start IP Assign the start IP address of the IP pool that DHCP server can use for clients...

Page 24: ...he DHCP server Next click DHCP Relay Agent tab to set DHCP server if required WAN Interface Choose the WAN interface for such connection DHCP Server IP Address Assign an IP address for the DHCP server Next click IP Routing tab to set routing path for each WAN interface if required When you finished the above settings please click Finish A system reboot page will appear Click Apply to activate the ...

Page 25: ...Protocol over Ethernet connection please select PPPoE for this router to get the following page Enter the username and password provided by your ISP on the web page User Name Assign a specific valid user name provided by the ISP Password Assign a valid password provided by the ISP Authentication Select PAP CHAP MS CHAP or MS CHAP V2 protocol for PPP authentication The default value is PAP Service ...

Page 26: ...t DHCP server can use for clients in LAN End IP Assign the end IP address of the IP pool that DHCP sever can use for clients in LAN Primary DNS Type the IP address for primary DNS Secondary DNS Assign a private IP address to the secondary DNS Lease Time Min Set a lease time for the DHCP server The time unit is minute Gateway IP Optional Set a gateway IP address for the DHCP server When you finishe...

Page 27: ... Point Tunneling Protocol mode please select PPTP for this router Next enter the PPTP Subnet Mask e g 255 255 255 0 PPTP Local Address e g 10 66 99 88 and PPTP Server Address e g 172 66 99 88 provided by your ISP on the web page PPTP Local Address Assign a local IP address of PPTP PPTP Subnet Mask Assign a net mask value for IP address of PPTP PPTP Server Address Assign a remote IP address of PPTP...

Page 28: ...address of the IP pool that DHCP server can use for clients in LAN End IP Assign the end IP address of the IP pool that DHCP sever can use for clients in LAN Primary DNS Type the IP address for primary DNS Secondary DNS Assign a private IP address to the secondary DNS Lease Time Min Set a lease time for the DHCP server The time unit is minute Gateway IP Optional Set a gateway IP address for the DH...

Page 29: ...up Access Control Setup Reboot and Firmware Upgrade Setup Diagnostic Tools and Configuration Setup 3 3 1 1 1 1 S St ta at tu us s The online Status function provides some useful system information on the current status of the Vigor3300 Series A user can observe the system status on this Web page and determine which setting needed to be changed in corresponding web pages In the System group click t...

Page 30: ...ware Version Display the hardware version of the router Firmware Version Display the firmware version of the router Build Date Time Display the date and time of the current firmware build System Uptime Display the amount of time that the router has been online CPU Usage Display the average percentage of the CPU used Memory Size Display the size of the memory of this router Memory Usage Display the...

Page 31: ...hen it is enabled in Network High Availability When there are two Vigor3300 devices in the same LAN one can be set as Master device and the other can be set as Slave device Master It means that Vigor3300 plays the Master role in high availability feature Slave It means that Vigor3300 plays the Slave role in high availability feature If there is only one Vigor3300 used in LAN this line will be blan...

Page 32: ...ddress of the WAN interface MAC Address Display the MAC address of the WAN Interface Primary DNS Display the IP address of the primary DNS Secondary DNS Display the IP address of the secondary DNS Gateway Display the IP address of the default gateway RX Packets Display the total received packets for each WAN interface TX Packets Display the total transmitted packets for each WAN interface Connecti...

Page 33: ...rver or the remote PC host of the administrator In the System group click the Time option The Time page is shown below Use Browser Time Click this option to use the browser time from the remote administrator PC host as router s system time Use NTP Time Click this option to use the time from an NTP server as router s system time NTP Server Assign a public IP address or domain name of the NTP server...

Page 34: ...le Click Enable to activate this function The router will send system log message for your reference If you click Disable the router will not send out any message about system log Syslog Server IP The IP address of the Syslog server If a user assigns an IP address of 0 0 0 0 the Syslog function will be disabled Then Vigor3300 will not send Syslog packets to the Syslog server Syslog Server Port Ass...

Page 35: ...r Check HTTP Telnet SSH for the router Allow Management from the WAN Disable Disable the management from the WAN interface Enable All Enable all management through HTTP Telnet SSH from the WAN interface Enable User Defined WAN IP System can be managed by these three IP addresses via WAN Allowed IP1 to 3 Type in IP address up to three for managing the system Management Port Default Ports Use the de...

Page 36: ...another router The Vigor3300 Series supports the restore and upload functions of the configuration files In the System group click the Configuration Setup option And you can see the following page Select a Configuration File Please click the Browse button to find out the location of the configuration file to be uploaded to the router and click Apply Backup Configuration File Push Backup Button Dow...

Page 37: ...re file if you want to upgrade the firmware locally TFTP Server IP If you want to upgrade the firmware of this router from remote side please type the IP address of the TFTP server Remote File Name The default filename will be shown here If you have use another name to save the firmware file please type the new name in this field Apply After finished your selection please click Apply to execute th...

Page 38: ...al on the PC Now Vigor3300 can accept a TFTP download and will display the following message DrayTek V3300 Bootloader Press ENTER key within 5 sec to download image 2 Current LAN IP is 192 168 1 1 New IP Prepare downloading 5 Type the path name of the firmware image and activate the TFTP Client from the PC to download the image The corresponding message is shown as follows TFTP i 192 168 1 1 PUT V...

Page 39: ...at bfXXXXXX appears it means the firmware is under downloading 7 When set flash0_0 780000 800000 general appears it means the firmware downloading has been completed The router will reboot itself and you will see the Firmware version V2 X X Please wait about 20 seconds to relogin the router The procedure is finished now ...

Page 40: ...onfigured settings that you made before Besides you can select Reset to factory default to reboot the device and retrieve the default settings In the System group choose the Reboot option In the web page of Reboot a user must either keep the current configuration settings or use the default configuration after the Vigor3300 Series system has been rebooted Click Apply to reboot the whole system The...

Page 41: ...essions Table for the user to review such information In the System group click the Diagnostic Tools option z Select View Routing Table to get the following page Destination Display the destination IP address for various routings Gateway Display the default gateway Subnet Mask Display the subnet mask for various routings Flags Display the status of the routing entries Interface Denoted by eth0 if ...

Page 42: ...display this web page for getting newest ARP information z Select View DHCP Assignment Table to get the following page Assigned IP Display the IP address of the static DHCP server MAC Address Display the MAC address of the static DHCP server Time Left Display the remaining time for this IP address assigned by DHCP server When the time expired such IP address would not be kept for this client and m...

Page 43: ...urce port of the packet transmitted dPort Display the destination port of the packet transmitted Rep Source IP Display the source IP address of the packet replied Rep Dest IP Display the destination IP address of the packet replied sPort Display the source port of the packet replied dPort Displaysthe destination port of the packet replied z Select Data Flow Monitor to get the following page This p...

Page 44: ... of refreshing data flow that will be done by the system automatically Refresh Click Refresh to re display this web page for getting newest routing information 3 3 2 2 N Ne et tw wo or rk k S Se et tu up p For Internet access it is necessary for you to set WAN and LAN interfaces for the router 3 3 2 2 1 1 W WA AN N a an nd d I In nt te er rn ne et t A Ac cc ce es ss s S Se et tu up p The Vigor3300...

Page 45: ...tivates closes this WAN interface Default Route Set this WAN interface as default route interface Load Balance Adds this WAN interface to the load balance group Weight Set the weight load 10 90 for this WAN interface for load balance This selection is available only when Auto Weight is unchecked Backup Master Set this WAN interface as a master interface WAN1 must be assigned as Master interface if...

Page 46: ...information Most cable modem users will use DHCP to get a globally reachable IP address from the cable head end system Different mode will lead different configuration and will be explained in later section Before you connect a broadband access device e g a DSL Cable modem to Vigor3300 Series you need to know what kind of Internet access your ISP provides The following sections introduce four wide...

Page 47: ...Mean maximum transmission unit of one packet The default value is 1500 Host Name Some ISP may ask you to type your host name Please type in if necessary Domain Name Some ISP may ask you to type your domain name Please type in if necessary Detect Type Select a detecting type for this WAN interface There are three ways Send ARP to Gateway Send PING and Send HTTP Request supported in 3300 Detect Inte...

Page 48: ...not the connection of WAN interface will be regarded as breaking down This function is available when Detect Type is set with Send PING or Send Http Request IP Alias List Set other IP addresses binding in this interface You can set up to 32 sets of IP alias settings If you have typed addresses here you can see and choose it in later web page settings e g Advanced NAT Port Redirection DMZ Host Appl...

Page 49: ...y Count Assign detecting times to ensure the connection of the WAN After passing the times you set in this field and no reply received by the router the connection of WAN interface will be regarded as breaking down Detect Destination Host IP or Domain Name Assign an IP address or Domain name as a destination to be detected whether the host is active sending reply to the router or not If not the co...

Page 50: ...S CHAP V2 protocol for PPP authentication according to the feature that your ISP provided for widest compatibility The default value is PAP The password will be encrypted in CHAP but not in PAP Service Name Assign a service name required for some ISP services PPPoE IP Alias Set other IP addresses binding in this interface You can set up to 32 sets of IP alias settings If you have typed addresses h...

Page 51: ... it th h a a D DS SL L M Mo od de em m S Se et tu up p The service provider must provide the exact settings for this mode User Name Assign a specific valid user name provided by local ISP Password Assign a valid password provided by local ISP Authentication Select PAP CHAP MS CHAP or MS CHAP V2 protocol for PPP authentication according to the feature that your ISP provided for widest compatibility...

Page 52: ...ny network A DMZ is an optional and more secure approach to a firewall and effectively acts as a proxy server as well In a typical DMZ configuration for a small company a separate computer or host in network terms receives requests from users within the private network for access to Web sites or other companies accessible on the public network The DMZ host then initializes sessions for these reque...

Page 53: ...ssign traffic category and force it to go to dedicate network interface based on the following web page setup VoIP and VPN traffic can also be assigned to specific WAN ports In the Network group click the Load Balance Policy option You will get the following page Protocol Display the protocol used for this entry Source IP Display the source IP address specified for this entry Subnet Mask Display t...

Page 54: ...tton from 1 to 10 Then click the Edit button on the bottom to bring up the following Web page Protocol Select the desired protocol for the selected entry Source IP Subnet Mask Assign a source IP address and subnet of certain host in LAN for applying load balance policy Dest IP Subnet Mask Assign a destination IP address and subnet of certain host in LAN for applying load balance policy Dest Port R...

Page 55: ...example if you check WAN1 and WAN4 for China Telecom packets belong to China Telecom will pass through the specified WAN interfaces only and load balance will be done between WAN1 and WAN4 Auto Load Balance Choose Enable to invoke the auto load balance function for your devices China Telecom A telecom company China CNC A telecom company Other Traffic Regions that are not belonged to China Telecom ...

Page 56: ...n RFC 1918 Usually we use the 192 168 1 0 24 subnet for the route IP Address Type the IP address for LAN DHCP Subnet Mask Type the subnet mask for the LAN IP DHCP Status Click Enable the DHCP server click Disable to close DHCP server click Relay Agent to close DHCP sever and do the job of DHCP server Corresponding settings for Relay Agent can be configured in the page of DHCP Relay Agent Start IP ...

Page 57: ...y in the DNS cache the router will resolve the domain name immediately Otherwise the router forwards the DNS query packet to the external DNS server by establishing a WAN e g DSL Cable connection F Fo or r D DH HC CP P R Re el la ay y A Ag ge en nt t This page allows users to specify which subnet that DHCP server is located the relay agent should redirect the DHCP request to WAN Interface Choose t...

Page 58: ... to activate or close the IP routing of specific WAN interface IP Address Type an IP address for the WAN interface WAN1 WAN2 WAN3 WAN4 Subnet Mask Type the subnet mask for the WAN interface WAN1 WAN2 WAN3 WAN4 LAN Interface Select a proper LAN interface for WAN interface WAN1 WAN2 WAN3 WAN4 Note Vigor3300V supports four WAN interfaces yet Vigor3300 Vigor3300B support three WAN interfaces That is W...

Page 59: ...is designed to avoid single points of failure When failures occur the failover process moves processing performed by the failed component the Master to the backup component the Slave This process remains system wide resources recovers partial of failed transactions and restores the system to normal within a matter of microseconds Take the following picture as an example The left V3300 Series is re...

Page 60: ...Vigor3300 Series User s Guide 54 In the Network group click the High availability option H Hi ig gh h A Av va ai il la ab bi il li it ty y ...

Page 61: ... is from 1 to 255 PCs on the same group in LAN can support for each other Role Select a role for this device as Master or Slave Virtual IP Assign an IP address as a virtual IP Click Apply to reboot the system and apply the settings 3 3 2 2 5 5 R RI IP P C Co on nf fi ig gu ur ra at ti io on n The Routing Information Protocol RIP is a dynamic routing protocol used in local and wide area networks Th...

Page 62: ...n Vigor3300 A will create a routing rule to forward packet that destination is Vigor3300 C to Vigor3300 B In another direction Vigor3300 C will do the same thing Enable Disable Disables or enables this function Enabled Interface Check the interface to apply the RIP configuration Apply After finishing the configuration please click this button to invoke these settings 3 3 2 2 6 6 B Ba an nd dw wi i...

Page 63: ...each computer in LAN The default value is 1024 Default RX limit Define the default speed of the downstream for each computer in LAN The default value is 1024 Apply After finishing the configuration please click this button to invoke these settings L Li im mi it ta at ti io on n T Ta ab bl le e This function allows users to set limitation for bandwidth management In the Network group choose Bandwid...

Page 64: ...fine the limitation for the speed of the upstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index RX Limit Define the limitation for the speed of the downstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index Apply After finishing the...

Page 65: ... configuration please click this button to invoke these settings L Li im mi it ta at ti io on n T Ta ab bl le e This function allows users to set limitation for limit session In the Network group choose Limit Session and then Limitation Table You will get the following page Start IP Display the start IP address End IP Display the end IP address Session Number Display the session number Edit Click ...

Page 66: ...ress for limit session End IP Assign the end IP address for limit session Session Number Assign the available session number for each host in the specific range of IP addresses If you do not set the session number in this field the system will use the default session limit for the specific limitation you set for each index Apply After finishing the configuration please click this button to invoke ...

Page 67: ...te You will get the following page Network Interface Display the network interface LAN WAN1 2 3 or 4 Destination IP Display the destination IP of the static route Gateway IP Display the gateway address of the static route Mask Display the subnet mask of this route Edit Allow users to edit the selected static route settings Delete Delete All Removes one or all the selected static route settings The...

Page 68: ...ic route table Users can click Delete All to remove all entries in static route table 3 3 3 3 2 2 N NA AT T S Se et tu up p NAT Network Address Translation is a method of mapping one or more IP addresses and or service ports into different specified services It allows the internal IP addresses of many computers on a LAN to be translated to one public address to save costs and resources of multiple...

Page 69: ... requests to an appropriate host inside A user can also translate the port to another port by configuration For example port number with 1024 can be transferred into IP address of 192 168 1 100 of LAN The packet is forwarded to a specific local host if the port number matches that defined in the table In the Advanced group move to NAT option and choose Port Redirection to get the corresponding pag...

Page 70: ... is 20 characters Protocol Assign the transport layer protocol with TCP or UDP Public Port Range Assign a port range from starting to end public port number The port range is from 1 to 65535 Private IP Assign a local IP address to be transferred into Private Port Range Assign a port range from starting to end private port number Use IP Alias Disable option uses IP address of WAN interface Enable o...

Page 71: ...ies of broadband security routers The following session will show you how to setup address mapping feature In the Advanced group move to NAT option and choose Address Mapping to get the corresponding page Protocol Display the protocol used for this address mapping Public IP Display the public IP address selected for this entry Private IP Display the private IP set for this address mapping Mask Dis...

Page 72: ...ove all entries D DM MZ Z H Ho os st t In computer networks a DMZ De Militarized Zone is a computer host or small network inserted as a neutral zone between a company s private network and the outside public network It prevents outside users from getting direct access to company network A DMZ is an optional and more secure approach to a firewall and effectively acts as a proxy server as well In a ...

Page 73: ...MZ host settings Delete Delete All Remove one all the selected DMZ host settings To edit an item click the radio button of the item that you want to modify Then click Edit on the bottom of the page to add a new rule entry or modify an existed rule entry WAN Interface Select a WAN interface as the channel for DMZ host Private IP Assign an IP address of DMZ server to be permitted for access from out...

Page 74: ...the RADIUS server Your user accounts will not be limited by built in accounts in VPN PPTP User Profile It also lets you centralize remote access authentication for network management Radius is a server for remote user authentication and accounting Its primary use is for Internet Service Providers though it may as well be used on any network that needs a centralized authentication and or accounting...

Page 75: ...r used for Radius function Shared Secret Assign a code for authentication to server The RADIUS server and client share a secret which is used to authenticate the messages sent between them Both sides must be configured to use the same shared secret Confirm Shared Secret Confirm the code assigned in Shared Secret field WAN Interface Select one specific WAN interface to be used Click Apply to reboot...

Page 76: ...ng for V3300B and 3300B is 135 3 3 3 3 5 5 D DD DN NS S S Se et tu up p The Dynamic DNS function allows the router to update its online WAN IP address which assigned by ISP or other DHCP server to the specified Dynamic DNS server Once the router is online you will be able to use the registered domain name to access the router or internal virtual servers from the Internet DDNS is more popular on dy...

Page 77: ...y the connection status of this entry Click Refresh to re display the whole page information To modify DDNS setting click an entry number to get into edit mode Status Click Disable to disable this function Click Enable to activate this function Interface Select a specific interface for registering on DDNS server The Interface should be any WAN port on V3300 series Server Provider Assign a provider...

Page 78: ...nable to active this function Backup MX MX stands for Mail Exchanger Mail Exchangers are used for directing mail to specific servers other than the one a hostname points at Mail Extender Assign an email address Click Apply to finish these settings and return to previous page Note 1 The Wildcard and Backup MX features are not supported for all Dynamic DNS providers You could get more detailed infor...

Page 79: ... activation status enable or disable for this entry Date Time Display the start date and time for this schedule Action Display the action that this schedule adopts How often Display the using frequency once or specific day in a week of this schedule Week Option Display the specific day in a week if you choose Weekdays as the How often setting WAN Display the WAN interface used for this entry Edit ...

Page 80: ... interface to be applied Click Apply to finish this setting D De el le et te e C Ca al ll l S Sc ch he ed du ul le e To delete an item click the radio button of the item that you want to delete Then click Delete on the bottom of the page to remove the entry Also users can click Delete All to remove all entries in the table 3 3 3 3 7 7 W WA AN N P Po or rt t M Mi ir rr ro or ri in ng g S Se et tu u...

Page 81: ...a VLAN at the same time Thirdly it can transfer all data traffics to be mirrored to one analyzer connect to the mirroring port Last it is more convenient and easy to configure in user s interface In the Advanced group click the WAN Port Mirroring option You will see the following page Enable Disable Click Disable to disable this function Click Enable to activate this function Mirroring Port Select...

Page 82: ...VLANs allow the network manager to segment the network with a logical hierarchical structure VLANs can define a network by application or department For instance in the enterprise a company might create one VLAN for multimedia users and another for e mail users or a company might have one VLAN for its Engineering Department another for its Marketing Department and another for its guest who can onl...

Page 83: ...er connecting to the port being grouped in the specified VLAN Be aware that each port can be grouped in different VLAN at the same time only if you check the box For example if you check the boxes of VLAN0 P1 and VLAN1 P1 you can make P1 to be grouped under VLAN0 and VLAN1 simultaneously VLAN 0 3 This router allows you to set 4 groups of virtual LAN Apply After finishing the settings please click ...

Page 84: ...pe a number used for identification on VLAN for your computer Later you have to type the same ID number for each PC which wants to be grouped within the same VLAN group In addition if you type wrong ID number the following message will appear to warn you Please type correct number By the way if you don t know how to configure a VLAN setting on your computer please refer to How to Check Edit VLAN I...

Page 85: ...N ID Type the ID for each port used for identification on VLAN When the tag operation for each port representing for different computers connected to this router is marked by untagged to avoid conflict occurred the system will apply the ID listed in these boxes automatically for each port P1 to P4 to ensure proper and correct network operation 3 3 3 3 1 10 0 S SN NM MP P The Simple Network Managem...

Page 86: ...option There are two items for SNMP SNMP Community and SNMP Traps S SN NM MP P C Co om mm mu un ni it ty y In general NMSs in the community exist within the same administrative domain Community Display the community string used for the specified entry Host mask Display the mask address for the host Max Access Display the authority read only or read write for this entry Edit Allow users to edit the...

Page 87: ...d network by SNMP protocol agent will send a specific packet as an attention for administrator called Trap Trap is the only PDU Protocol data unit sent by an agent on its own initiative It is used to notify the management station of an unusual event that may demand further attention like a link down Choose SNMP Traps option to see the following page Trap Server Display the IP address of the trap s...

Page 88: ...ap server Assign an IP address of trap server Trap community Assign a community string for Trap packet using Trap server port Assign a port number for Trap server using Apply Click Apply to save this setting and return the previous page ...

Page 89: ...sers can select General Setup IP Filter DoS and URL Filter options from Firewall menu The DoS facility can detect and mitigate the DoS attacks The URL Filter can block inappropriate websites for SME 3 3 4 4 1 1 I IP P F Fi il lt te er r First you should create at least one Group in the IP Filter Group Table Then you can enable the Data Filter and select a Start Filter Group in General Setup The fo...

Page 90: ...o the IP filter table page for editing Group Name Display the group name Next Group Display next group name Comment Display the notice for current group Add Allow you to add a new IP filter table Edit Allow you to edit selected IP filter table Delete Allow you to delete selected IP filter table configuration If this entry is assigned as the started filter group already it cannot be deleted To add ...

Page 91: ...p name and modify the comment for your necessity When you finish the modification simply click Apply Besides you can add new filter rule for the group On the edit page of IP Filter Table click the Add Rule button The following page will be shown Source IP It means the source IP address Placing the symbol before a particular IP address will prevent this rule from being applied to that IP address It...

Page 92: ...ween the Start Port and the End Port including the Start Port and End Port Specifies the port number is larger than or equal to the Start Port Specifies the port number is less than or equal to the Start Port Between Specifies the port number is between the Start Port and End Port Destination IP It means the destination IP address for this filter rule Placing the symbol before a particular IP addr...

Page 93: ...locks the packet if no further rules are matched Pass if no further match means to passes the packet if no further rules are matched Note It is recommended placing pass rules in pass group and block ones be in block group Next Group Name It indicates the next filter group If the option Block if no further match or Pass if no further match of Block or Pass parameter is selected the unmatched packet...

Page 94: ...ee the following page The DoS Defense Engine inspects each incoming packet against the attack signature database Any packet that may paralyze the host in the security zone is blocked The DoS Defense Engine also monitors traffic behavior Any anomalous situation violating the DoS configuration is reported and the attack is mitigated DoS Defense Enables or disables the DoS Defense function The defaul...

Page 95: ...available services which respond The router will identify it and report a warning message if the port scanning rate in packets per second exceeds the user defined threshold value The default threshold is 300 pps packets per second Enable Block IP Options Activates the Block IP options function The router will ignore any IP packets with IP option field appearing in the datagram header Enable Block ...

Page 96: ...e Internet contains a wide range of offenses or illegal materials Unlike traditional media the Internet does not have any obvious tools to segregate materials based on URL strings or content URL content filtering systems are seen as tools that would provide the cyberspace equivalent of the physical separations that are used to limit access to particular materials By rating a site as objectionable ...

Page 97: ...r option You will see the following page Enable Disable Disable or Enable URL Filter function Keyword The keyword s used to filter URLs Keywords can be partial words or complete URLs The router will reject any Website which whole or partial URL matches any keywords Keyword List The list of keywords Block Direct IP Web Access Deny any Web surfing activity that directly uses an IP address Enable Exc...

Page 98: ...rooms and monitor and control web access from all computers connected to your router Server Enable or Disable Content Filter Select a Server The domain name is used to as a server The name should be filled when enable Server otherwise it will impact performance Permitted Categories List The permitted categories are obtained from the selected a server Forbidden Categories List The forbidden categor...

Page 99: ...ction The router will discard ActiveX object from the Internet Compressed Files Activates the Block Compressed file function to prevent from downloading of any compressed file These following types of compressed files are blocked by the router zip rar arj ace cab sit Execution Files Activates the Block Executable file function to prevent from downloading of any executable file The following types ...

Page 100: ...e URL content filtering facility is active during the specified times from H1 M1 to H2 M2 in one day where H1 and H2 indicate the hours and M1 and M2 represent the minutes Days of Week The URL content filtering facility is active during the specified days of the week The default value is 8 00 to 18 00 from Monday to Friday W Wa ar rn ni in ng g P Pa ag ge e After the configuration of URL Filter is...

Page 101: ... settings on this page will be invalid Strict Bind Click this radio button to block the connection of the IP MAC which is not listed in IP Bind List ARP Table This table is the LAN ARP table of this router The information for IP and MAC will be displayed in this field Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by clicking Add below Add and Edit IP...

Page 102: ...lect Strict Bind you have to bind one set of IP MAC address for one PC If not no one of the PCs can access into Internet And the web configurator of the router might not be accessed 3 3 4 4 5 5 I IM M P P2 2P P B Bl lo oc ck ki in ng g IM Blocking means instant messenger blocking P2P is the short name of peer to peer You will see a list of common P2P applications You can define blocking rules such...

Page 103: ...ic Thus timing sensitive applications will not be impacted by web surfing traffic or other non critical applications such as file transfer Without QoS guaranteed control there would be virtually no way to prioritize users services or guarantee allocation of finite bandwidth resources to network or servers for supporting timing sensitive and mission critical network applications such as VoIP Voice ...

Page 104: ...etup There are eight queues that can be configured The total sum of bandwidth has to be 100 percent for all configured queues Any leftover bandwidth is assigned to eight queues to meet 100 percent totally Disable Enable Click Disable to close this setting Click Enable to activate this setting Index It represents the number for each queue Class Name Please type the name for each queue Bandwidth Ple...

Page 105: ...s Display the service type that you choose for the filter DiffServ CodePoint Status Display the setting for DiffServ CodePoint Class Display the class name that you specified for the incoming outgoing class filter Edit Click this button to open the edit page for adjusting the settings Delete Delete All Click this button to delete the selected setting or all settings To edit an incoming class filte...

Page 106: ...The Protocol and Port fields are allowed to be configured None No field is allowed to be configured Service Type Select the service type that you want to use There are thirty five service types provided Protocol There are three options TCP UDP and TCP UDP Choose the one you need Source Destination Port Type the port range number for this filter DiffServ CodePoint Status There are three options Bas...

Page 107: ...tworks like the Intranet A VPN enables you to send data between two hosts across a shared or public network in a manner that emulates the properties of a point to point private link There are two types of VPN connections remote dial in access and LAN to LAN connection The Remote dial In Access facility allows a remote access node a NAT router or a single computer to dial into a VPN router through ...

Page 108: ...in the IPSec architecture is a hybrid protocol using part of Oakley and part of SKEME in conjunction with ISAKMP to obtain authenticated keying material for use with ISAKMP and for other security associations such as AH and ESP for the IPsec DOI 3 3 6 6 1 1 I IP PS Se ec c The IPSec services can provide access control connectionless integrity data origin authentication rejection of replayed packet...

Page 109: ...tton can guide you accessing into editing page for that IPSec tunnel For detailed information refer to the following section of For Default Configuration Delete Delete a designated entry Delete All Delete all entries in the table To edit or add a policy table please click one of the radio buttons and click Edit ...

Page 110: ... have to click Initiate under the page of VPN IPSec Tunnel Policy Table Always On Choose this one to invoke this profile automatically by the system for every 30 seconds Disable Choose this one to inactivate this profile Name The name for VPN connection ex VPN1 The maximum length of name is 20 characters including spaces Authentication The authentication to be used by PreShared Key or RSA Signatur...

Page 111: ...he local gateway s public network interface The keyword default can be used to represent the IP Address of the selected WAN Interface Network IP Subnet Mask The subnet behind the local gateway Next Hop The IP address of the next hop The keyword default can be used to represent the gateway IP address of the selected WAN Interface Remote ID The identification number for the remote gateway DHCP over ...

Page 112: ...ation There are several proposals offered in this page with combination of three types of algorithms Encryption algorithms DES 3DES AES Authentication algorithms MD5 SHA1 DH Diffie Hellman Group MODP768 MODP1024 MODP1536 Key Lifetime quick The rekey renegotiated period of the IKE Phase2 keying channel The acceptable range is from 5 to 1440 minutes 24 hours Proposal quick The proposed encryption an...

Page 113: ... emitted periodically when a tunnel is idle Use the value 0 to disable this function The recommended value is 30 seconds if enabled Timeout The timeout timer The peer will be declared dead once no acknowledge message is received after timeout value Use the value 0 to disable this function The recommended value is 120 seconds if enabled After finish the configuration click Apply to apply the IPSec ...

Page 114: ...TRUNK VPN Backup mechanism is compliant with all WAN modes single multi The web page is simple to understand and easy to configure Filly compliant with VPN Server LAN Sit Single Multi Network Syslog support please refer to System SysLog for detailed configuration F Fe ea at tu ur re es s o of f V VP PN N T TR RU UN NK K V VP PN N L Lo oa ad d B Ba al la an nc ce e M Me ec ch ha an ni is sm m VPN L...

Page 115: ...n Edit Configure an entry Clicking this button can guide you accessing into editing page for that IPSec tunnel For detailed information refer to the following section of For Default Configuration Delete Delete a designated entry Delete All Delete all entries in the table ...

Page 116: ... profile Name The name for VPN connection ex VPN1 The maximum length of name is 20 characters including spaces Authentication The authentication to be used by PreShared Key or RSA Signature PreShared Key The shared key for peer identification The maximum length is 40 characters including spaces Security Protocol AH Specify the IPSec protocol for the Authentication Header protocol The data will be ...

Page 117: ...public network interface The keyword default can be used to represent the IP Address of the selected WAN Interface Local GRE IP The virtual IP address of the router specified for this tunnel Next Hop The IP address of the next hop The keyword default can be used to represent the gateway IP address of the selected WAN Interface Remote ID The identification number for the remote gateway Security Gat...

Page 118: ...e renegotiated period of the IKE Phase1 keying channel of a connection The acceptable range is from 5 to 480 minutes 8 hours Proposal main The proposed encryption and or authentication algorithms for IKE Phase1 negotiation There are several proposals offered in this page with combination of three types of algorithms Encryption algorithms DES 3DES AES Authentication algorithms MD5 SHA1 DH Diffie He...

Page 119: ...timeout value Use the value 0 to disable this function The recommended value is 4 seconds if enabled Auto GRE Key Check this box to automatically generate GRE key Or type the GRE key on the fields below manually GRE Key In This value is used for the router to authenticate the source of the packet The length is 4 bytes GRE Key Out This value is used for the remote client to authenticate the source ...

Page 120: ...ion Simply click VPN VPN Trunk Group Table to access into the following page There are ten groups offered for users to configure Edit Configure an entry Clicking this button can guide you accessing into editing page for that group For detailed information refer to the following section of For Default Configuration Delete Delete a designated entry Delete All Delete all entries in the table To edit ...

Page 121: ...many flow rates can pass through on this tunnel For example type 1 for tunnel 1 and type 4 for tunnel 2 If such device has 5 packets needing to send to the remote subnet it will send 4 packets through tunnel 2 and 1 packet through tunnel 1 Active Check this box to enable VPN tunnel backup Master Slave Choose the master and salve roles for this backup configuration After finish the configuration cl...

Page 122: ... refresh the whole table Clear It allows you to clear all the table information T Tr ru us st t C CA A This page allows you to set up the CA configuration Click the VPN IPSec Trust CA option It can make users loading double key certificate issued by trusted CA server To upload a new Trust CA please select any one of the entry and click the Upload button The following page will appear ...

Page 123: ...te a new entry for user certification Download Download a certification file generated from router to be stored in local host Import Import a certificated file from the local host Delete Delete an assigned entry View Show configuration of the assigned entry z To generate a user certificate please click one radio button to select the entry and click the Generate button Certification Name The name o...

Page 124: ...this entry Common Name The common name for this entry Country The country name of this entry E mail The email address of this entry Key Size The key size for this entry There are 3 options 1024 Bits 1536 Bits and 2048 Bits When you finish the configuration please click Apply to invoke it z To download a user certificate please click index number one with the status of Request Generated and click t...

Page 125: ...a place that you want z To delete a user certificate please click the index number that you want to delete and click the delete button A dialog box will appear to ask your confirmation Click OK to delete it or click Cancel to leave the dialog without deletion z To view a user certificate please click the index number that you want to view the detailed information of the certificate and click the V...

Page 126: ...y the bytes count received by this tunnel Packet Out Display the packets count sent out by this tunnel Byte Out Display the bytes count sent out by this tunnel Uptime Display the time duration since the tunnel is established Refresh Allow you to refresh current VPN status Disconnect Allow you to disconnect the select VPN connection 3 3 6 6 2 2 P PP PT TP P L L2 2T TP P P PP PT TP P G Ge en ne er r...

Page 127: ...s for carrying out mutual authentication whenever you want Password Type the password that the other side provides for carrying out mutual authentication whenever you want Get DNS Server from LAN Setting Use DNS setting of LAN configuration Get DNS Server by Manual Setting If you click this radio button please type the primary DNS and secondary DNS IP address manually in the following fields Prima...

Page 128: ...carrying out mutual authentication whenever you want Password Type the password that the other side provides for carrying out mutual authentication whenever you want Get DNS Server from LAN Setting Use DNS setting of LAN configuration Get DNS Server by Manual Setting If you click this radio button please type the primary DNS and secondary DNS IP address manually in the following fields Primary DNS...

Page 129: ...ect the value of subnet mask for the Accessed IP U Us se er r P Pr ro of fi il le e This page allows you to set up to 30 sets of accounts Profile Status Display status disable or enable for this entry User Name The user name for this entry Group The group for this entry Edit Allow you to edit the selected group Type in user name and password then choose a proper group A B C or D that configured in...

Page 130: ...refresh automatically every 10 seconds Index Display the index number of the tunnel Remote IP Display remote IP address of the tunnel Assigned IP Display IP address assigned by Vigor3300 User Display user account of this tunnel Byte In Display the bytes count received by this tunnel Byte Out Display the bytes count sent out by this tunnel Uptime Display the time duration since the tunnel is establ...

Page 131: ...r analog phone line The Vigor3300 Vigor3300V provides cost effective voice solution for SME customers which can be explained with the following diagram 3 3 7 7 1 1 P Pr ro ot to oc co ol l There are two protocols can be used for VoIP SIP and MGCP You should click either one of buttons to set corresponding settings for VoIP phones Be aware that both sides local end and remote end should use same pr...

Page 132: ...proxy server Proxy Name Type the name of the SIP proxy server Proxy Address Type the IP address of the SIP proxy server Proxy Port Type the port number of the SIP proxy server Registrar Address Type the IP address or domain name of the SIP registrar server Registrar Port Type the port number of the SIP registrar server Expires Type the timeout value for SIP protocols The default value is 300 Domai...

Page 133: ...c ID Starting Number Determine the starting number for the endpoint name There are eight ports in Vigor3300 series The default name for endpoint will be aaln If you type 1 in this filed the endpoint name will be aaln 1 aaln 2 aaln 8 If you type 11 in this field the endpoint name will be aaln 11 aaln 12 aaln 18 etc Simply keep the default value 1 Wild carded RSIP For VoIP phone call with MGCP confi...

Page 134: ...e for each phone number Type Display the type of the VoIP connection Active Display the status active or not for the VoIP connection Group Display the group number of the VoIP connection Username Display the username that you typed for the VoIP connection Proxy Display the proxy information that you set on VoIP Protocol page for the VoIP connection Codec Display the codec settings for the VoIP con...

Page 135: ...ort or Disable to close this port User Name Type the user name a number for each phone line Password Type the user password for each phone line Display Name Type the user name to be displayed on another phone terminal Authentication ID Type the characters for authenticate this ...

Page 136: ...ng out to PBX PSTN automatically FXO Manual Disconnection Click Disconnect to disconnect this phone line manually Codec Preferred Codec It can be applied on this port Vigor3300 supports five Codecs The default setting is G 729A You can choose another one as preferred Codec for outgoing calls Single Codec If you checked this box only preferred codec will be used for outgoing and incoming calls And ...

Page 137: ...MF Mode InBand Choose this one then the Vigor will send the DTMF tone as audio directly when you press the keypad on the phone OutBand RFC2833 Choose this one then the Vigor will capture the keypad number you pressed and transform it to digital form then send to the other side the receiver will generate the tone according to the digital form it receive This function is very useful when the network...

Page 138: ... the first port of a group from Internet it will ring all available ports belonging to this group to provide voice service at the same time It is easier for the customer to remember just one phone number corresponding to the company By enabling this function the 4 or 8 port VoIP will use the first enabled port phone setting on the table as their phone number Up to 8 groups can be configured and as...

Page 139: ...ation Type the destination address of the dial Memo Type a description for the specified number Apply Click this button to activate the page settings Clear This Page Click this button to remove all the settings in this page 3 3 7 7 4 4 A Ad dv va an nc ce ed d S Sp pe ee ed d D Di ia al l Speed dial allows users to call out with simple buttons instead of dialing long numbers To set a speed dial wi...

Page 140: ...alls with phone numbers of 03654321 and 04556890 In which 03654321 is suitable for this speed dial rule Strip Length Assign the length of digit to be removed from the original phone number For example suppose the original phone number is 03654321 and the strip length is 2 The first two numbers 03 will be removed and the final phone number becomes 654321 Append Assign a new number to be added befor...

Page 141: ...call For example the phone number is 03654321 and the dialing completion timeout is set to 4 secs The user dials with 036 and stops to dial After passing through 4 seconds the router will send out that phone call automatically VoIP ToS The ToS value in VoIP protocol packet The default setting is 0xa0 Line Polarity Reversal as Callee Answer Check this box to generate line polarity reversal while th...

Page 142: ... inconvenience for users To set the sound pattern of the phone set simply choose a proper region to let the system find out the preset tone settings and caller ID type automatically Or you can adjust tone settings manually if you choose User Defined TOn1 TOff1 TOn2 and TOff2 mean the cadence of the tone pattern TOn1 and TOn2 represent sound on TOff1 and TOff2 represent the sound off Region Choose ...

Page 143: ...tone A tone means the network is busy Low Frequency Hz Type the low frequency number in Hertz High Frequency Hz Type the high frequency number in Hertz TOn1 10msec Type the duration of the first ring TOff1 10msec Type the silence duration after the first ring TOn2 10msec Type the duration of the next continuous ring TOff2 10msec Type the silence duration after the next continuous ring Tone Timer D...

Page 144: ...ta throughput will be higher Enable Click this button to invoke QoS function The voice quality can be good and the data throughput will be lower Link Fragmentation and Interleaving Each packet size is determined by the bandwidth of WAN interface The smaller the bandwidth is the smaller the packet will be Such activity can reduce the time delay of packet transmitting Meanwhile the VoIP packets will...

Page 145: ...s Type the IP address to be used as the NAT IP address The feature is used when Vigor 3300V is behind a NAT router and the NAT router uses a static WAN IP address This value is the same as the WAN IP of the front NAT router Auto Discovery NAT IP Address It is used when Vigor3300 is behind a NAT router and the NAT router uses a dynamic WAN IP address such as a DHCP or PPPoE client The Vigor3300 req...

Page 146: ...ote end Vigor3300 will change the IP address automatically according to the real IP address of the packets to ensure the remote receiver can get the packets 3 3 7 7 9 9 I In nc co om mi in ng g C Ca al ll l B Ba ar rr ri in ng g This feature is used to bar incoming VoIP calls from the Internet Barring classes can be specified to allow or deny incoming calls There are five barring classes on the de...

Page 147: ... Disable this function to take the value of Speed Dial Destination to be checked Speed Dial Entries Type the range to be checked The default value is from 1 to 150 A Al ll lo ow w L Li is st t The Vigor3300 Series supports up to 30 entries in the Allow List table When you choose Allow only calls from allow list as the Barring Class only the people listed in this list can call this router Name The ...

Page 148: ...C Ca al ll l H Hi is st to or ry y This page lists the call history through Vigor3300 You can click Refresh to get the latest history information for these VoIP phones Besides this page refreshes automatically every 10 seconds Refresh Option You can click Refresh to get the latest status information for these VoIP phones In addition you can set the time interval of refreshing Use the drop down lis...

Page 149: ... Remote RTP Port The used port number of remote voice site RTP Statistic The statistic of RTP with abbreviation will be shown in this field e g PS Packets Sent OS Octets Sent PR Packets Received OR Octets Received PL Packets Lost JI Interarrival Jitter Estimate ms LA Average TX Delay ms Codec Type The Codec mode used for this phone calling Packet Period The period of time for sampling on voice sig...

Page 150: ...he user can dial out If not prompt sound of PIN Error would be played 3 3 7 7 1 12 2 S St ta at tu us s This page displays the connection status for VoIP phone calls Refresh Option You can click Refresh to get the latest status information for these VoIP phones In addition you can set the time interval of refreshing Use the drop down list of Refresh Option to choose ...

Page 151: ...aling direction for this call Incoming Outgoing Caller Number The phone number of the caller Callee Number The phone number of the receiver Start Time The starting time of the call Remote RTP Address The IP address of the remote voice site Remote RTP Port The used port number of the remote voice site Codec Type The Codec mode used for this phone call Packet Period The period of time for sampling o...

Page 152: ...Vigor3300 Series User s Guide 146 This page is left blank ...

Page 153: ...efault setting if necessary If all above stages are done and the router still cannot run normally it is the time for you to contact with your dealer for advanced help 4 4 1 1 C Ch he ec ck ki in ng g I If f t th he e H Ha ar rd dw wa ar re e S St ta at tu us s I Is s O OK K o or r N No ot t Follow the steps below to verify the hardware status 1 Check if the power line and WLAN LAN cable connection...

Page 154: ...network connection settings After trying the above section if the link is stilled failed please do the steps listed below to make sure the network connection settings is OK F Fo or r W Wi in nd do ow ws s The example is based on Windows XP As to the examples for other operation systems please refer to the similar steps or find support notes in www draytek com 1 Go to Control Panel and then double ...

Page 155: ...Vigor3300 Series User s Guide 149 3 Select Internet Protocol TCP IP and then click Properties 4 Select Obtain an IP address automatically and Obtain DNS server address automatically ...

Page 156: ...Guide 150 F Fo or r M Ma ac cO Os s 1 Double click on the current used MacOs on the desktop 2 Open the Application folder and get into Network 3 On the Network screen select Using DHCP from the drop down list of Configure IPv4 ...

Page 157: ... below to ping the router correctly F Fo or r W Wi in nd do ow ws s 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP The DOS command dialog will appear 3 Type ping 192 168 1 1 and press Enter It the link is OK the line of Reply from 192 168 1 1 bytes 32 time 1ms TTL 255 will appear 4 If the line does not appear please check the ...

Page 158: ...configuration GUI http 192 168 1 1 click Network WAN to check your ISP settings for IP modes 2 Make sure the Active check box has been selected F Fo or r P PP PP Po oE E M Mo od de e 1 Check if Username and Password are entered with correct values that you got from your ISP 2 Check if the setting of Authentication is correct or not You may need to try both PAP and CHAP ...

Page 159: ... settings go to System Status page and click WAN Status You will get a correct web page of WAN settings F Fo or r S St ta at ti ic c M Mo od de e 1 Check if the values of IP Address Subnet Mask Gateway IP Address and Primary DNS that you got from ISP are set properly or not If you forget please contact with ISP for getting new ones ...

Page 160: ...get a correct web page of WAN settings F Fo or r D DH HC CP P M Mo od de e 1 Check if Host Name optional and Domain Name optional are correct or not Both them are required for some ISPs 2 If anything wrong please check and retype correct values Then try the network connection again 3 After finishing the settings go to System Status page and click WAN Status You will get a correct web page of WAN s...

Page 161: ...Local Address PPTP Subnet Mask and PPTP Remote Address are correct or not 4 After finishing the settings go to System Status page and click WAN Status You will get a correct web page of WAN settings 4 4 5 5 B Ba ac ck ki in ng g t to o F Fa ac ct to or ry y D De ef fa au ul lt t S Se et tt ti in ng g I If f N Ne ec ce es ss sa ar ry y Sometimes a wrong connection can be improved by returning to th...

Page 162: ...es se et t While the router is running ACT LED blinking press the RST button and hold for more than 5 seconds When you see the ACT LED blinks rapidly please release the button Then the router will restart with the default configuration After restore the factory default setting you can configure the settings for the router again to fit your personal request 4 4 6 6 C Co on nt ta ac ct ti in ng g Y ...

Page 163: ... adjust firewall setting to deny LAN to LAN communication from Firewall IP Filter Group Table Thus PCs that belong to various LANs will not connect with each other through the router To a company with several departments such feature is useful for it to determine data sharing among different departments 1 Open Firewall IP Filter Group Table to access into the following page Click Index 2 radio but...

Page 164: ...d di it t V VL LA AN N I ID D o on n Y Yo ou ur r P PC C Not all the network cards support VLAN features If you cannot sure if the network card of your computer supports tagged VLAN or not please do the following steps to check or edit VLAN ID on your PC 1 Go to Control Panel and then double click on Network Connections ...

Page 165: ...Vigor3300 Series User s Guide 159 2 Right click on Local Area Connection and click on Status 3 On the following dialog click Properties 4 Click Configure to access into next screen ...

Page 166: ...On this dialog box locate VLANs tag and click on it If you cannot find out VLANs tag that means your network card does not support VLAN feature 6 In this screen there is no VALN existed You can create a new one Please click the New button ...

Page 167: ...dialog please type a number in the box of VLAN ID Here 5 is entered The corresponding VLAN Name will appear automatically Next click OK to create it 8 After you click OK the system will configure for the VLAN settings Please wait for several seconds ...

Page 168: ... the configuration is finished the new VLAN settings with ID number and name will appear on previous dialog Desktop Adapter Properties Click OK to exit this dialog 10 Now the Desktop Adapter VLAN dialog will appear as follows Please click OK ...

Page 169: ...Vigor3300 Series User s Guide 163 11 Next time if you want to check VLAN setting again please open Settings tag to modify it ...

Page 170: ...du ur re e 1 Refer to A 1 to block LAN to LAN communication 2 Create VLAN5 VLAN6 VLAN7 and VLAN8 Groups 3 In the VLAN5 input 5 to VLAN ID In the Member field choose p1 Then choose the Untagged for Frame Tag Operation in p1 Configure the PVID to 5 for the device does not support 802 1Q VLAN 4 In the VLAN6 input 6 to VLAN ID In the Member field choose p2 Then choose the Untagged for Frame Tag Operat...

Page 171: ...om 192 168 1 2 to 192 168 1 254 10 In the Network setting type the subnet 192 168 2 0 to LAN2 For example the VLAN6 LAN IP is 192 168 2 1 and the Subnet Mask is 255 255 255 0 Then users in the Engineer Department can set IP address from 192 168 2 2 to 192 168 2 254 11 In the Network setting type the subnet 192 168 3 0 to LAN3 For example the VLAN7 LAN IP is 192 168 3 1 and the Subnet Mask is 255 2...

Page 172: ...he subnet of VLAN6 is 192 168 2 0 P Pr ro oc ce ed du ur re e 1 Refer to A 1 to block LAN to LAN communication 2 Create VLAN5 and VLAN6 Groups 3 In the VLAN5 type 5 to VLAN ID In the Member field choose p1 and p2 Then choose Tagged for Frame Tag Operation in p1 and p2 We can ignore the PVID Port VLAN because 802 1q tag will be inserted to the frame from the PC of Engineer Department 4 In the VLAN6...

Page 173: ... with 802 1Q tagged devices only 7 In the Network setting type the subnet 192 168 1 0 to LAN For example the VLAN5 LAN IP is 192 168 1 1 and the Subnet Mask is 255 255 255 0 Then users in the Engineer Department can set IP address from 192 168 1 2 to 192 168 1 254 8 In the Network setting type the subnet 192 168 2 0 to LAN2 For example the VLAN6 LAN IP is 192 168 2 1 and the Subnet Mask is 255 255...

Page 174: ... du ur re e 1 Refer to A 1 to block LAN to LAN communication 2 Create VLAN5 VLAN6 VLAN7 and VLAN8 Groups 3 In the VLAN5 type 5 to VLAN ID In the Member field choose p1 Then choose the Tagged for Frame Tag Operation in p1 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from the PC of company A 4 In the VLAN6 type 6 to VLAN ID In the Member field choose p2 Then c...

Page 175: ... be inserted to the frame from company D 7 After applying the settings the web page will be redirect to reboot web page User can ignore it and continue to configure the Network setting After finishing Network setting you can execute the reboot procedure 8 After rebooting the tagged ports will communicate with 802 1Q tagged devices only 9 The network configuration is the same with A 2 1 Please refe...

Page 176: ...r re e 1 Refer to A 1 to block LAN to LAN communication 2 Create VLAN5 VLAN6 VLAN7 and VLAN8 Groups 3 In the VLAN5 type 5 to VLAN ID In the Member field choose p1 Then choose the Tagged for Frame Tag Operation in p1 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from the PC of Engineer Department 4 In the VLAN6 type 6 to VLAN ID In the Member field choose p2 T...

Page 177: ... does not support 802 1Q VLAN 7 After applying the settings the web page will be redirected to reboot web page User can ignore it and continue to configure the Network setting After finishing Network setting you can execute the reboot procedure 8 After rebooting the tagged ports will communicate with 802 1Q tagged devices only 9 The network configuration is the same with A 2 1 Please refer to A 2 ...

Page 178: ...92 168 3 0 and the subnet of VLAN8 is 192 168 4 0 P Pr ro oc ce ed du ur re e 1 Refer to A 1 to block LAN to LAN communication 2 Create VLAN5 VLAN6 VLAN7 and VLAN8 Groups 3 In the VLAN5 input 5 to VLAN ID In the Member field choose p1 p2 p3 and p4 Then choose the Tagged for Frame Tag Operation in p1 p2 p3 and p4 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame f...

Page 179: ... ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from some users 7 After applying the settings the web page will be redirected to reboot web page User can ignore it and continue to configure the Network setting After finishing Network setting you can execute the reboot procedure 8 After rebooting the tagged ports will communicate with 802 1Q tagged devices only 9 The ...

Page 180: ...ace FXS and FXO You can deploy different VoIP applications according to the requirements 5 5 2 2 1 1 F FX XS S a an nd d F FX XO O FXS Foreign eXchange Station and FXO Foreign eXchange Office are assembled with a pair A telecommunications line from an FXO device must be connected to an FXS device Similarly an FXS device must be connected to an FXO device For example PSTN is FXS equipment and a tel...

Page 181: ...f the PBX are usually connected to telephones so the PBX acts as FXS equipment FXS equipment PSTN or inside lines of PBX FXO equipment Telephones FAX machines and outside lines of PBX Based on the characteristics described above that the FXS equipment and the FXO equipment must connect with each other please pay special attention when you use FXS card and FXO card FXS card This card can connect to...

Page 182: ...Vigor3300 Series User s Guide 176 FXO card This card can connect to PSTN inside lines of PBX and FXS port on FXS cards ...

Page 183: ... refer to the part of Practical Application of FXS 5 5 2 2 3 3 P Pr ra ac ct ti ic ca al l A Ap pp pl li ic ca at ti io on n o of f F FX XO O c ca ar rd d w wi it th h P PB BX X By combining the FXO with headquarters PBX it allows the branch s telephones to connect to Headquarters PBX via the Internet and communicate with the customers via the PBX Another application is that you can call back to t...

Page 184: ...GCP and the IP Address WAN or LAN VPN used by VoIP You need to configure relative settings at first Please refer to the figure below as an example of Vigor 3300V Port Settings This page displays the basic settings for each port Click the Edit icon in the Phone Number page to enter the Edit page Then you can configure this port ...

Page 185: ...Vigor3300 Series User s Guide 179 Port Settings Port Edit Configure related VoIP settings for each port respectively ...

Page 186: ...nction is more convenient to dial extension number or IP address There are 150 entries available at most Miscellaneous Other related VoIP settings Tone Settings There are optional built in 14 groups of tone for different regions and a group of tone User Defined can be configured by users ...

Page 187: ...t pass through the upper layer NAT router User can enable STUN function in order to make VoIP function can work smoothly Note The upper layer router must forward the UDP packets which port number are 5060 13456 13470 and 49170 49184 to the WAN IP address of 3300V Incoming Call Barring Set This function can receive or reject the specific VoIP calling via Internet The rules are based on the speed di...

Page 188: ...Vigor3300 Series User s Guide 182 Call History It can display 50 groups of calling information Status Display current VoIP registering status and calling status ...

Page 189: ... Application of FXO 5 5 2 2 6 6 E Ex xa am mp pl le e 1 1 B Ba as si ic c C Co on nf fi ig gu ur ra at ti io on n a an nd d R Re eg gi is st tr ra at ti io on n In this case 3300V uses a FXS card and a FXO card with four groups of iptel numbers and fwd numbers respectively The Codec is G 729A WAN IP address is 220 135 240 207 2900V has two VoIP Ports with an iptel number and the fwd number respect...

Page 190: ...able the port setup the account etc Disable or Enable By default is Enable Username Password Type the registrar s account 888833 and password Display Name Display incoming call s information To facilitate ease differentiation please type 3300V_Port1_iptel Proxy Server Select the SIP Server used for registration from the pull down menu There are None and three SIP Servers available which are set in...

Page 191: ...quality By default is Disable CAS Adjust the volume of the conversation RX Gain The default value is 0 TX Gain The default value is 0 FAX Relevant settings used for FAX over VoIP FAX Mode Compression mode used for transferring FAX By default is T 38 Relay FAX Bypass Codec Select the compression mode when FAX Mode selects Bypass FAX Bypass Codec Rate Select the transfer rate of voice packets when F...

Page 192: ...nd 6 are registered to iptel Proxy and Port 3 4 7 8 are registered to fwd Proxy Codec Port 1 Port 8 all prior use G 729A 8kbps 5 Enter the VoIP Status page wait one or two minutes The time depends on SIP Server s response speed and the network condition Register Status Display the register information from Port 1 Port 8 OK means this port is registered successfully Call Status Display calling info...

Page 193: ...ically refresh every 6 second so as to display the latest status You may click Refresh button to renew immediately C Co on nf fi ig gu ur ra at ti io on n E Ex xa am mp pl le e f fo or r V Vi ig go or r2 29 90 00 0V V 1 Open the Web of 2900V and click VoIP Setup ...

Page 194: ...Setup Setup Port1 and Port2 This page falls into two sections SIP Setup relevant SIP Servers used for registration respectively Ports Type account and password After configuration please click OK to save the settings 2900V will go to VoIP Setup page automatically ...

Page 195: ...atus 3 Wait one or two minutes The time depends on SIP Server s response speed and the network condition Channel R means Port 1 and Port 2 register successfully Status IDLE means there is no conversations on Port 1 Port 8 Now the configuration is completed ...

Page 196: ...vers All the settings are based on the VoIP Example 1 Basic Configuration and Registration D Di ir re ec ct t I IP P C Ca al ll l C Ca al ll l w wi it th h e ea ac ch h o ot th he er r w wi it th ho ou ut t r re eg gi is st tr ra at ti io on n Connect a telephone into 3300V s Port 1 and 2900V s Port 1 respectively They can call with each other directly with IP addresses if only 3300V and 2900V bot...

Page 197: ...0 2 shown below Otherwise even if you dial the IP address the call will be sent to the SIP Proxy Server still Besides if the SIP Proxy Server doesn t forward the call to remote VoIP user s WAN IP you can t do this action Configuration Example for Vigor3300V Enter VoIP Speed Dial page configure relevant settings for 2900V s Port1 Speed Dial Phone Number type 2901 Speed Dial Destination Cal lee s Nu...

Page 198: ...VoIP Setup page 2 Click Index 1 3 Enter relevant settings for 3300V s Port 1 Click OK to save the settings Enable click to activate the entry Phone Number type 3301 Display Name To facilitate ease differentiation please type 3300V_Port1_IP SIP URL Cal lee s Number IP please type 888833 220 135 240 207 ...

Page 199: ...nation of the phone number After pressing VoIP is immediately called out Or you may wait 3 seconds if you do not press With 2900V you can t only dial alphanumeric addresses or symbols To dial an IP address start and end it with a hash replace the dots with star In this example you have to press 220 135 240 207 But 3300V can only receive the format of Number IP So it is required to setup 3300V s nu...

Page 200: ...tively Each port needs to register in the SIP Server Below shows a scenario architecture graph Configurations between Vigor 3300V and 2900V WAN IP Port Number Phone Number Proxy Codec Port1 FXS 888833 iptel G 729A 3300V 220 135 240 207 Port3 FXS 660533 fwd G 729A Port1 FXS 888829 iptel G 729A 2900V 61 31 167 135 Port2 FXS 660529 fwd G 729A You can also add Speed Dial numbers in Speed Dial to speed...

Page 201: ...y to save the settings and finish the configuration Start to dial by using telephones Phone 1 call Phone 3 Press 888829 or 291 Phone 2 call Phone 4 Press 660529 or 292 Phone 3 call Phone 1 Press 888833 Phone 4 call Phone 2 Press 660533 Note indicates termination of the phone number After pressing VoIP is immediately called out Or you may wait 3 seconds if you do not press ...

Page 202: ...Configuration Example for Vigor3300V Enter the VoIP Speed Dial page and add the 4th and 5th group of Speed Dial number Then press Apply to save the settings and finish the configuration Configuration Example for Vigor2900V Click DialPlan Setup in the VoIP Setup page Then add the second and third group of Speed Dial number Start to dial by using telephone Phone 1 call Phone 4 Press 2912 Phone 2 cal...

Page 203: ... In this example 3300V acts as a bridge accepting incoming VPN connections from the other two routers 2900V and 2200V The VPN traffic between 2900V and 2200V are all passed through 3300V These three sites internal networks must be within the same subnet 192 168 X X Either site can ping the other two routers Then you can make a VoIP call through the encrypted VPN tunnel by directly dialing remote r...

Page 204: ...IP Port Number Phone Number Proxy Codec 3300V 220 135 240 207 Port1 FXS 888833 G 729A 2900V 61 31 167 135 Port1 FXS 888829 G 729A 2200V 61 230 207 146 Port1 FXS 888822 G 729A About the VPN configurations please refer to VPN Example 3 three part communication About VoIP basic configuration please refer to VoIP Example 1 Basic Configuration and Registration The following examples are modified which ...

Page 205: ...ection WAN or LAN VPN Or select none as Proxy Server for each Port 2 Enter the VoIP Port Settings page now the Proxy entries all display Disable If you select none as Proxy Server for each Port the Proxy entries are blank 3 Enter the VoIP Speed Dial page and input the first and second group of Speed Dial Phone Number Click Apply to save the settings ...

Page 206: ... Functions Setup page and change Register via from WAN to LAN VPN for Port1 and Port2 Press OK to save the settings Note Do not set up the Outbound Proxy and Stun Server when calling through VPN 2 Click DialPlan Setup in the VoIP Setup page and add the first and second group of Speed Dial Phone Number ...

Page 207: ...2200V s Web and click VoIP SIP Related Function page SIP related function of 2200V 2 Setup Port 1 This page falls into two sections SIP Set up the SIP Server used for registration Ports Set up the account details After configuration please click OK to save the settings Note Do not set up the Proxy and Stun Server when calling through VPN While in 2200V firmware v2 5 5 4 the Proxy will be active if...

Page 208: ...AN Usage Example 2 Start to dial by using telephones Phone 1 call Phone 2 Press 2901 or 888829 192 168 29 1 Phone 1 call Phone 3 Press 2201 or 888822 192 168 22 1 Phone 2 call Phone 1 Press 3301 Phone 2 call Phone 3 Press 2201 or 192 168 22 1 Phone 3 call Phone 1 Press 3301 Phone 3 call Phone 2 Press 2901 or 192 168 29 1 Note indicates termination of the phone number After pressing VoIP is immedia...

Page 209: ...BX s Outside Lines The usage is the same as that of PSTN line Different PBX has its own settings and required configuration by you Below shows a scenario architecture graph Configuration table between 3300V and 2900V WAN IP Port Number Phone Number Proxy Codec 3300V 220 135 240 207 Port1 FXS 888833 iptel G 729A 2900V 61 31 167 135 Port1 FXS 888829 iptel G 729A Suppose there are two PSTN lines conn...

Page 210: ...tion of the phone number After pressing VoIP is immediately called out Or you may wait 3 seconds if you do not press This example is the intercommunication with one SIP Proxy Server For the applications of Direct IP Call and Intercommunication with different SIP Proxy Servers please refer to VoIP Example 2 Basic Calling Method The VoIP call can also wok with VPN please refer to VoIP Example 3 VoIP...

Page 211: ...3300V s FXO Port 5 to a PSTN line VoIP is seamlessly integrated to PSTN line and allows you to call not only the remote VoIP user but also the remote PSTN user Also the PSTN user can call the VoIP user Below shows a scenario architecture graph Configuration table between 3300V and 2900V WAN IP Port Number Phone Number Proxy Codec Port1 FXS 888833 iptel G 729A 3300V 220 135 240 207 Port5 FXO 888835...

Page 212: ...press the VoIP number 888829 Phone 3 calls Phone 1 Press 12345678 After getting through you will hear the Dial tone then press the VoIP number 888833 Note indicates termination of the phone number After pressing VoIP is immediately called out Or you may wait 3 seconds if you do not press z Connect PBX s Inside Lines The usage is the same as that of common extension Different PBX has its own settin...

Page 213: ...al tone then press the extension 101 Phone 2 calls Phone 4 Press 888835 After getting through you will hear the Dial tone Press outside line 0 then press 87654321 Phone 3 calls Phone 1 Press 888835 After getting through you will hear the Dial tone then press the extension 101 Phone 3 call Phone 4 Press 888835 After getting through you will hear the Dial tone Press outside line 0 then press 8765432...