Draytek Vigor3900 Series, User Manual

Page 1: ...VoIPon www voipon co uk sales voipon co uk Tel 0 330 088 0195 Fax 44 0 1245 808299...

Page 2: ...igor3900 Multi WAN Security Appliance User s Guide Version 2 5 Firmware Version V1 3 0 For future update please visit DrayTek website Date May 23 2017 VoIPon www voipon co uk sales voipon co uk Tel 0...

Page 3: ...rant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your...

Page 4: ...ular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correc...

Page 5: ...to LAN IPSec Tunnel between Vigor3900 and Other Router Main Mode 36 3 7 How to run RDP service in the browser via logging in 3900 s HTTPS Server 39 3 8 How to Configure VPN Load Balance between Vigor...

Page 6: ...ct 229 4 6 5 Country Object 231 4 6 6 Service Type Object 233 4 6 7 Service Type Group 235 4 6 8 Keyword DNS Object 237 4 6 9 File Extension Object 241 4 6 10 APP Object 243 4 6 11 Web Category Object...

Page 7: ...th Limit 399 4 13 USB Application 403 4 13 1 Disk Status 403 4 13 2 FTP Server 404 4 13 3 SAMBA Server 405 4 13 4 Printer 408 4 13 5 Temperature Sensor 409 4 13 6 Modem Support List 411 4 14 System Ma...

Page 8: ...13 Function Support List 487 4 18 Central Management Switch 488 4 18 1 Status 488 4 18 2 Profile 491 4 18 3 Group 495 4 18 4 Maintenance 496 4 18 5 Support List 497 4 19 External Devices 498 4 20 Pro...

Page 9: ...i integrated solutions to SME markets A Virtual Private Network VPN is an extension of a private network that encompasses links across shared or public networks like an Intranet A VPN enables you to s...

Page 10: ...lled and ready USB 1 2 Off No USB device is installed On The Ethernet link is established on corresponding port Blinking The data transmission is done through the corresponding port LNK Off No Etherne...

Page 11: ...iber cable Console Provided for technician use USB1 USB2 Connecter for the USB device Factory Reset Used to restore the default settings Press it and keep for more than 5 seconds When you see the ACT...

Page 12: ...twork The LAN LED for that port on the front panel will light up 3 Connect a server modem router depends on your requirement to any WAN port of Vigor3900 with Ethernet cable RJ 45 The WAN1 to WAN4 LED...

Page 13: ...aches the other side of the chassis After the bracket installation the Vigor3900 Series chassis can be installed in a rack by using four screws for each side of the rack D De es sk kt to op p T Ty yp...

Page 14: ...Vigor3900 Series User s Guide 6 This page is left blank VoIPon www voipon co uk sales voipon co uk Tel 0 330 088 0195 Fax 44 0 1245 808299...

Page 15: ...nto the web browse with default password first 1 Make sure your computer connects to the router correctly Notice You may either simply set up your computer to get IP dynamically from the router or set...

Page 16: ...admin on the field of Original Password Type a new one in the field of New Password and retype it on the field of Confirm Password Then click Apply to continue 6 Now the password has been changed Next...

Page 17: ...om the home page Quick Start Wizard will guide the user to establish LAN interface profile WAN interface profile and select proper protocol for connection The following will explain in more detail for...

Page 18: ...d by your ISP on the web page PPPoE PPPoE stands for Point to Point Protocol over Ethernet It relies on two widely accepted standards PPP and Ethernet It connects users through an Ethernet to the Inte...

Page 19: ...n will appear You can manually assign a static IP address to the WAN interface and complete the configuration by applying the settings Available parameters are listed as follows Item Description IP Ad...

Page 20: ...address configuration click Save to save the setting onto the router Click the icon to remove the selected entry Previous Click it to return to previous setting page Finish Click it to finish the conf...

Page 21: ...ase click Finish I If f P PP PP Po oE E i is s s se el le ec ct te ed d PPPoE stands for Point to Point Protocol over Ethernet It relies on two widely accepted standards PPP and Ethernet It connects u...

Page 22: ...word Type in the password provided by ISP in this field Previous Click it to return to previous setting page Finish Click it to finish the configuration Cancel Click it to discard the settings configu...

Page 23: ...lease select PPTP for this router Next enter the settings provided by your ISP on the web page Available parameters are listed as follows Item Description PPTP Over Usually ISP dynamically assigns IP...

Page 24: ...k it to remove the IP address if you are not satisfied with it DNS Server IP Address To add a new IP address simply place the mouse cursor on this filed The following dialog will appear Add Click this...

Page 25: ...ove settings please click Finish Later you can surf the Internet at any time When the following screen appears it means you have finished the Quick Start Wizard configuration VoIPon www voipon co uk s...

Page 26: ...User Interface of Vigor3900 and click Product Registration 2 A Login page will be shown on the screen Please type the account and password that you created previously And click Login Note If you haven...

Page 27: ...registered to MyVigor website will be displayed in sequence 4 When the following page appears please type in Nick Name for the router and choose the right registration date from the popup calendar it...

Page 28: ...ded to the database Click OK to leave this web page and return to My Information web page 6 Take a look at the page of My Information the new added Vigor3900 is listed under Your Device List VoIPon ww...

Page 29: ...e amount of data that a LAN client can transfer over a period of time This will prevent the router s resources from being taken up by only a few LAN clients We can also create customized Bandwidth Lim...

Page 30: ...Bandwidth Limit for each LAN Client Shared Bandwidth Limit for a group of LAN Clients Go to source target and click icon to set the rule for particular IP address Click Apply to save 3 Bandwidth Limi...

Page 31: ...her unspecified LAN clients 5 We can also enable Smart Bandwidth Limit to restrict the bandwidth of unspecified LAN clients only when their session number is over the threshold 6 Data Flow Monitor can...

Page 32: ...r example P2P applications We can also create customized Session Limit rule for each LAN client This note demonstrates how to set up Session Limit with Vigor3900 1 Go to Bandwidth Management Session L...

Page 33: ...ime Click Apply to save 4 Furthermore you may enable Default Session Limit to apply session limit to all other unspecified LAN clients Enable Default Session Limit Customize your Default Max Sessions...

Page 34: ...will use Vigor3900 as Default Gateway for accessing the Internet However in some cases network administrator would like Vigor3900 to be the DHCP server but use another LAN router as Internet Gateway...

Page 35: ...PC to be able to access the remote VPN network connected through Vigor3900 It requires to specify Vigor3900 s IP as the gateway to remote VPN Network there are two ways to do this a Add Static Route o...

Page 36: ...ogy in Vigor3900 1 Go to NAT Port Redirection click Add to create a profile 2 Edit the profile Give profile name and enable it Select One to One as Port Redirection Mode Select Protocol Enter Public P...

Page 37: ...0 Series User s Guide 29 3 Now we can access the server behind NAT Vigor3900 from Vigor3900 s WAN IP with the specified port VoIPon www voipon co uk sales voipon co uk Tel 0 330 088 0195 Fax 44 0 1245...

Page 38: ...networks or want to have less susceptible to bad routing information you can enable OSPF feature to fit your request Note that both routers must support OSPF function at the same time to build the OS...

Page 39: ...to create a LAN 192 168 1 1 24 profile named lan1 with the settings shown below 2 Next continue to create a LAN 192 168 3 1 24 profile named lan2 with the settings shown below 3 Open LAN Static Route...

Page 40: ...opology diagram C Co on nf fi ig gu ur ra at ti io on n f fo or r V Vi ig go or r3 39 90 00 0 B B 1 Open LAN General Setup to create a LAN 192 168 2 1 24 profile named lan1 with the settings shown bel...

Page 41: ...Add to make the LAN Profiles lan2 area setting as 11 and lan1 area as 11 As shown in the topology diagram C Co on nf fi ig gu ur ra at ti io on n f fo or r V Vi ig go or r2 29 96 60 0 1 Open LAN Gene...

Page 42: ...3 Open LAN Static Route and click the Inter LAN Route tab to enable this profile 4 Open LAN OSPF Configuration to enable this profile Click Add to make the LAN Profiles lan2 area setting as 11 and lan...

Page 43: ...in nf fo or rm ma at ti io on n f fo or r V Vi ig go or r3 39 90 00 0 A A R Ro ou ut ti in ng g i in nf fo or rm ma at ti io on n f fo or r V Vi ig go or r3 39 90 00 0 B B R Ro ou ut ti in ng g i in n...

Page 44: ...Vigor2710 C Co on nf fi ig gu ur ri in ng g V Vi ig go or r3 39 90 00 0 1 Access into the Web User Interface of Vigor3900 and open VPN and Remote Access LAN to LAN Profiles to add a new VPN configura...

Page 45: ...AN First please type the name of such VPN connection in the field of Profile Name e g 3900 Check the box of Enable this profile Choose Dial Out as Call Direction and check the box of Always on 2 For D...

Page 46: ...to complete configuration 4 Please check if the VPN connection is built successfully in both devices respectively For Vigor3900 open VPN and Remote Access IPSec Status for viewing the result As to Vig...

Page 47: ...a protocol designed for secure communications in networks using Microsoft Terminal Services An easy way is provided to establish connection between the router and the RDP Server via any browser 1 Open...

Page 48: ...number and Screen Size as you want then click Apply to save the settings 4 Open User Management User Profile to create a new profile named 7788 Set the Password as 7788 and choose the profile of Win7...

Page 49: ...r both Username and Password 7 A screen like the following figure will appear Simply click the SSL Application link 8 In the following screen click Connect for connecting to Win7 the RDP server VoIPon...

Page 50: ...uide 42 9 After that you can access into Windows 7 via a browser Note the message below the window In which TLS means Transport Layer Security VoIPon www voipon co uk sales voipon co uk Tel 0 330 088...

Page 51: ...Runtime Environment edition 6 but still cannot establish the connection please make sure you have disabled Use TLS 1 0 in the Java Control Panel as figure shown below Then try to connect again VoIPon...

Page 52: ...ing figure Vigor3900 allows users to build VPN load balance connection between Vigor3900 and other router Take Vigor2950 for an example There are two WANs on Vigor2950 and two WANs on Vigor3900 We wil...

Page 53: ...Vigor3900 Series User s Guide 45 2 Create a profile for WAN 1 named 2950WAN1 Type the settings as shown below VoIPon www voipon co uk sales voipon co uk Tel 0 330 088 0195 Fax 44 0 1245 808299...

Page 54: ...00 Series User s Guide 46 3 Click Apply to save the settings and exit the dialog 4 Create a profile for WAN 2 named 2950WAN2 VoIPon www voipon co uk sales voipon co uk Tel 0 330 088 0195 Fax 44 0 1245...

Page 55: ...t and click the Load Balance Pool tab Click Add to add a Load Balance Pool profile 7 The following window will pop up Give a name for the profile 8 Click the Load Balance tab Select the IPSec GRE prof...

Page 56: ...wing settings then click Apply Type the local network IP address and Mask of Vigor3900 as Source IP Address and Source Mask type the network IP and Mask of Vigor2950 as Destination IP Address Destinat...

Page 57: ...g to specify which WAN interface will be used for building VPN connection Choose Dial Out as Call Direction and check the box of Always on For Dial Out Settings please choose IPSec Tunnel and type WAN...

Page 58: ...used by WAN1 of Vigor2950 The second VPN tunnel will be configured for the WAN2 of Vigor2950 Therefore please choose WAN2 Only for VPN Dial Out Through Choose IPSec Tunnel and type the Server IP and P...

Page 59: ...e Load Balance group 4 Type the name e g 3900 of the Load Balance in the field of Profile Name Specify the VPN profiles in Member 1 and Member 2 respectively Then choose Load Balance as the Active Mod...

Page 60: ...3900 Series User s Guide 52 As to Vigor2950 please open VPN and Remote Access Connection Management to confirm the result VoIPon www voipon co uk sales voipon co uk Tel 0 330 088 0195 Fax 44 0 1245 80...

Page 61: ...LAN Tagging technology Below will show how to achieve 50 WANs setup by one Vigor3900 and two VigorSwitch2260s Refer to the following application illustration C Co on nf fi ig gu ur ri in ng g 5 50 0 W...

Page 62: ...igor3900 will ask you to re login 3 Delete default wan profiles for wan3 wan4 and wan5 by selecting the wan profile then click Delete 4 Click Add to add new WANs VoIPon www voipon co uk sales voipon c...

Page 63: ...n1_24 referring to the settings on the left side of the application illustration and wan2_1 wan2_24 referring to the settings on the right side of the application illustration and set them with VLAN I...

Page 64: ...packets while sending it to Port 1 Because general PC or normal network devices do not accept VLAN packets therefore in this example Vigor3900 WAN1 must be connected to VigorSwitch Port 26 for receiv...

Page 65: ...port VLAN Tag While the switch receives packets from Port 1 it will add VLAN Tag 111 to the packets Then Vigor3900 wan1_1 will receive the packets 6 After finishing the configuration for one VigorSwit...

Page 66: ...e upgrade for the CPE can be done through Vigor2830 series 3 3 1 10 0 1 1 C Co on nf fi ig gu ur re e S Se et tt ti in ng gs s o on n V Vi ig go or r3 39 90 00 0 1 Access into the web user interface o...

Page 67: ...cess into the web user interface of the CPE 2 Open a web browser for example IE Mozilla Firefox or Netscape on your computer and type http 192 168 1 1 3 Please type username and password on the window...

Page 68: ...an na ag ge em me en nt t f fo or r C CP PE E 1 Login the web user interface of the CPE 2 Open System Maintenance Management Setup 3 Check Allow management from the Internet to set management access...

Page 69: ...WAN1 to select MPoA RFC1483 2684 Then click Details Page 3 Click Specify an IP address Type correct WAN IP address subnet mask and gateway IP address for your CPE Then click OK Note Reboot the CPE dev...

Page 70: ...en na an nc ce e P Pa ag ge e 1 Return to the web user interface of Vigor3900 2 Open Central VPN Management CPE Management 3 Now there is one CPE managed Vigor2830 by Vigor3900 on the page of CPE Main...

Page 71: ...emote device is managed by Vigor3900 series it is easy to build VPN between these two devices 1 Access into the web user interface of Vigor3900 series 2 Open Central VPN Management CPE Management The...

Page 72: ...CPE you want Click Connect after finished the settings 4 A confirmation dialog will appear Click OK and wait for a moment 5 If VPN is built successfully related information will be displayed on Conne...

Page 73: ...an access into VPN and Remote Access LAN to LAN of the remote device for viewing the detailed information Note The profile name is created automatically by the system Do not modify any value in such p...

Page 74: ...t to o V Vi ig go or r3 39 90 00 0 1 Suppose the newest firmware file is located on your PC You can upload it from your PC to Vigor3900 2 Log into the web user interface of Vigor3900 3 Open System Ma...

Page 75: ...alog click Upload 6 In the Upload dialog click the Browse button to find out the firmware e g 2830_0508 in this case you want to upload from PC to Vigor3900 Then click Upload VoIPon www voipon co uk s...

Page 76: ...900 Series User s Guide 68 7 When the file is uploaded successfully later you will find the one in the File Explorer dialog VoIPon www voipon co uk sales voipon co uk Tel 0 330 088 0195 Fax 44 0 1245...

Page 77: ...pen Central VPN Management CPE Management Click CPE Maintenance In the Maintenance area click Add 2 In the following dialog type the name for the new profile specify the vigor router the file will be...

Page 78: ...nance area 4 Now the new firmware will be loaded into the CPE immediately based on the schedule setting now Note that a red icon will appear during the period of firmware upgrading And in the web user...

Page 79: ...ade of specified CPE has completed 3 3 1 12 2 3 3 C Ch he ec ck k t th he e D De ev vi ic ce e I In nf fo or rm ma at ti io on n 1 Open Central VPN Management CPE Management In the Managed Devices Sta...

Page 80: ...r Vigor3900 s as the backup device s to deliver full routing services during the shutdown of the main Vigor3900 The network administrator can use a Virtual IP e g 192 168 1 100 for both master device...

Page 81: ...bility Global Setup choose Hot Standby as Redundant Method choose Primary as Config Synchronization Rule type draytek as Authentication Key choose Automatic as Advance Preemption Mode Click Apply to s...

Page 82: ...High Availability 3 In the tab of High Availability Global Setup choose Hot Standby as Redundant Method choose Secondary as Config Synchronization Rule type the lan1 IP address configured in router A...

Page 83: ...the HA for router A Primary before router B Secondary Simply open Applications High Availability and click the High Availability Global Setup Locate Enable High Availability Check the box and click Ap...

Page 84: ...2 2 2 Inbound Load Balance allows Vigor3900 acting as a DNS Server to separate the traffic for each WAN interface according to the DNS query time Follow the steps listed below to Configure DNS Inboun...

Page 85: ...NS query time will be three one will pass through WAN1 two will pass through WAN2 4 Click the Detail tab and locate Additional A Record Type www as the name of the Host and type 192 168 1 10 as the IP...

Page 86: ...ourdomain com Address 1 1 1 1 Second DNS query www yourdomain com Server google public dns a google com Address 8 8 8 8 Name www yourdomain com Address 2 2 2 2 Third DNS query www yourdomain com Serve...

Page 87: ...to 10 255 255 255 From 172 16 0 0 to 172 31 255 255 From 192 168 0 0 to 192 168 255 255 W Wh ha at t a ar re e P Pu ub bl li ic c I IP P A Ad dd dr re es ss s a an nd d P Pr ri iv va at te e I IP P A...

Page 88: ...telecommunication service such as DSL Cable modem etc If any connection problem occurred on one of the ISP connections all the traffic will be guided and switched to the normal communication port for...

Page 89: ...existing WAN profile Profile Number Limit Display the total number 50 of the profiles to be created Profile max length 7 Display the profile name Enable Display the status of the profile False means d...

Page 90: ...r Advance mode go to Step 4 directly 2 A confirmation dialog will appear Click OK to apply the related settings for Advance mode 3 Re login the system 4 Open WAN General Setup Click the Add button to...

Page 91: ...MAC Address Specify the MAC address for such profile In default the system will determine it automatically IPv4 Protocol There are several connection modes for you to specify for IPv4 protocol type E...

Page 92: ...rity 802 1p Type the packet priority number for such VLAN The range is from 0 to 7 Apply Click it to save the configuration and exit the dialog Cancel Click it to exit the dialog without saving the co...

Page 93: ...sor on this filed The following dialog will appear Add click this button to have a field for adding a new IP address Save click this button to save the setting click the icon to remove the selected en...

Page 94: ...ending reply to the router or not If not the connection of WAN interface will be regarded as breaking down This function is available when Connection Detection Mode is set with PING or HTTP Save click...

Page 95: ...e and choose it in later web page settings e g NAT Port Redirection DMZ Host Add To add a new IP address click Add Type the IP address and use the drop down list to specify the subnet mask Next click...

Page 96: ...d by the router the connection of WAN interface will be regarded as breaking down Vendor Class ID option 60 It is used to identify the vendor type and the configuration of a DHCP client DHCP Client ID...

Page 97: ...ation and ask you to type the same data on this field Debug Click Enable to display the PPPoE debug message in Syslog The default setting is Disable Always On Enable Click it to enable the function of...

Page 98: ...al period of time for each detecting Connection Detection Retry Assign detecting times to ensure the connection of the WAN interface After passing the times you set in this field and no reply received...

Page 99: ...t to save the configuration and exit the dialog Cancel Click it to exit the dialog without saving the configuration If you choose PPTP as IPv4 protocol type click the PPTP Tab to open the following pa...

Page 100: ...Connection Detection Mode you have to specify the detection host address in this field Use the default setting Add Click this button to have a field for adding a new IP address Assign an IP address or...

Page 101: ...the section of If you choose PPPoE as IPv4 protocol type click the PPPoE Tab to open the following page for detailed information If you choose Static as IPv6 protocol type click the StaticV6 tab to o...

Page 102: ...e the setting click the icon to remove the selected entry Apply Click it to save the configuration and exit the dialog Cancel Click it to exit the dialog without saving the configuration VoIPon www vo...

Page 103: ...this button to have a field for adding a new IP address Save click this button to save the setting click the icon to remove the selected entry Apply Click it to save the configuration and exit the di...

Page 104: ...the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Refresh Renew current web page Profile Display the profile name Enable Display the statu...

Page 105: ...on Profile Display the name of the USB WAN profile Enable Check it to enable the USB WAN profile Description Give the brief description for such profile Port Display the physical WAN interface for suc...

Page 106: ...Interval Assign an interval period of time for each detecting Connection Detection Retry Assign detecting times to ensure the connection of the WAN interface After passing the times you set in this fi...

Page 107: ...APN means Access Point Name which is provided and required by some ISPs Type the name Modem Dial String Such value is used to dial through USB mode Please use the default value If you have any questi...

Page 108: ...fault Click it to restore the default settings Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply The modifi...

Page 109: ...mply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected WAN profile S...

Page 110: ...AN interface LAN VLAN Member Choose a VLAN profile from the drop down list You have to open LAN Switch page and click 802 1Q VLAN for creating VLAN ID number bound with LAN port 802 1Q VLAN profile fi...

Page 111: ...und Load Balance Each item will be explained as follows Item Description Enable Check the box the enable inbound load balance function Add Add a new WAN profile for inbound load balance Edit Modify th...

Page 112: ...s that WAN interface s used Alias Interface Display the WAN interfaces used by the IP alias IP Display the alias IP settings used by the profile Alias Weight Display the weight that the above IP addr...

Page 113: ...N interface profile which will be used by the domain Weight Use the drop down list to choose the one you want Alias Setting The purpose of such setting is to specify a WAN IP address from the WAN inte...

Page 114: ...e Cache TTL Set the negative caching time name error Email Type the e mail address of the administrator NS Record This page is used to specify name server which will be used as DNS server Add Click it...

Page 115: ...t a domain name IPv6 Address Type the IPv6 address of the host Any query concerning of Host will be forwarded to the server selected in Reference for advanced process CNAME Record It is used to record...

Page 116: ...3 3 1 1 8 80 02 2 1 1Q Q V VL LA AN N Packets passing through the WAN interface might be tagged or untagged with VLAN ID number It depends on the setting configured in this page for VLAN ID configured...

Page 117: ...rface selected 4 4 1 1 3 3 2 2 M Mi ir rr ro or r C Co on nf fi ig gu ur ra at ti io on n The administrator can monitor all the packets passing through mirrored port with the mirroring port It is usef...

Page 118: ...t to make the packets passing through it monitored by the administrator Apply Click it to save the configuration Cancel Click it to discard the settings configured in this page VoIPon www voipon co uk...

Page 119: ...click the Edit button to modify the settings A pop up window will appear for you to change the settings Interface Display the name of WAN interface Enable Check it to enable such interface Speed Use...

Page 120: ...saving anything Refresh Renew current web page Interface Display the name of the WAN port on the router Enable Display the status of the profile False means disabled True means enabled Duplex Display...

Page 121: ...uter has a built in DHCP server that assigns private IP address to each local host 4 4 2 2 1 1 G Ge en ne er ra al l S Se et tu up p This page allows you to configure general settings for PCs in LAN N...

Page 122: ...the profile False means disabled True means enabled Description Display the brief explanation for the LAN profile VLAN ID Display the VLAN ID configured for the LAN profile IPv4 Protocol Display the I...

Page 123: ...e the description for the new LAN profile VLAN ID Type a number as the VLAN ID to make the data be identified while performing data transmission Priority 802 1q Type the packet priority number for suc...

Page 124: ...s down Connection Detection Interval It is available when ARP is selected as Connection Detection Mode Assign an interval period of time for each detecting Connection Detection Retry It is available w...

Page 125: ...ption will be seen in DHCP reply packets Add Click it to add a new DHCP option profile Save Click it to save the setting DHCP Option Use the drop down list to choose the one you want Value Type the co...

Page 126: ...s defined by the address prefix fe80 10 You don t need to setup Link Local address manually for it is generated automatically according to your MAC Address Static This type allows you to setup static...

Page 127: ...ed as follows Item Description Edit Modify the selected LAN profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify t...

Page 128: ...server DHCP Server IP Type the IP address of DHCP Server DHCP Relay Agent IP Type the IP address of DHCP Relay Agent Apply Click it to save and exit the dialog Cancel Click it to exit the dialog witho...

Page 129: ...3 I In nt te er r L LA AN N R Ro ou ut te e To make the users in different LAN communicating with each other please check the box to enable Inter LAN route function VoIPon www voipon co uk sales voipo...

Page 130: ...to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Refresh Renew current web page Profile Display the name of the LAN p...

Page 131: ...ertisement Lifetime Type a value for advertisement lifetime The lifetime associated with the default router in units of minutes ranging from 10 150 It is used to control the lifetime of the prefix A l...

Page 132: ...dify the corresponding settings for the selected rule Refresh Renew current web page Profile Display the name of the LAN profile Enable Display the status of the profile False means disabled True mean...

Page 133: ...e Enable Check this box to enable this profile Mode Choose Automatic Setting or Manual Setting Automatic Setting It is not necessary to configure Start IP End IP and DNS setting The system will assign...

Page 134: ...If this field is blank users on LAN will treat Vigor3900 as the DNS server Add Click it to add a new IP address for DNS server Save Click it to save the setting click the icon to remove the selected e...

Page 135: ...t need an ADSL modem There are several advantages of using PPPoE connections on the LAN Firstly the PPPoE server can secure the LAN PC connections with username password authentication Secondly it ca...

Page 136: ...fresh Specify the interval of refresh time to obtain the latest status The information will update immediately when the Refresh button is clicked MAC Address Display the MAC address of the client s ho...

Page 137: ...ternet Access Concentrator AC Name Type the name which will be reported as the access concentrator name Service Name Type a specific string for authentication It causes the named service to be adverti...

Page 138: ...nterfaces for DHCP server DHCP Server IP Address Set the IP address of the DHCP server you are going to use so DHCP Relay can help to forward the DHCP request to the DHCP server Apply Click it to save...

Page 139: ...twork by application or department For instance in the enterprise a company might create one VLAN for multimedia users and another for e mail users or a company might have one VLAN for its Engineering...

Page 140: ...ofile with the VLAN ID number is tagged or untagged H Ho ow w t to o a ad dd d a a n ne ew w 8 80 02 2 1 1Q Q V VL LA AN N p pr ro of fi il le e 1 Open LAN Switch and click the 802 1Q VLAN tab 2 Click...

Page 141: ...he settings and click Apply The new profile will be added on the screen 4 4 2 2 3 3 2 2 M Mi ir rr ro or r Vigor3900 supports port mirroring function in LAN interfaces This mechanism helps manager tra...

Page 142: ...x to enable the Mirror function for the switch Mirroring Port Select a port to view traffic sent from mirrored ports Mirrored Port Select which port is necessary to be mirrored Refresh Renew current w...

Page 143: ...window will appear for you to change the settings Refresh Renew current web page Interface Display the profile name of the interface Enable Display the status of the profile False means disabled True...

Page 144: ...ch profile Flow Control Click Enable to enable such function When the data cache is approaching to full load Vigor router will pause transmitting the packets till the system is able to accept new data...

Page 145: ...ve on IP Bind List Select All Allow you to choose all the items listed in ARP Table Move Move the selected item to IP Bind List Refresh It is used to refresh the ARP table When there is one new PC add...

Page 146: ...one Import Click it to import an IP bind to MAC information e g 123 txt obtained from other Vigor router and to be applied by Vigor3900 Profile Display the name of the profile IP Address Display the I...

Page 147: ...r the specified MAC address MAC Type the MAC address that is used to bind with the assigned IP address Comment Type a brief description for such profile Apply Click it to save and exit the dialog Canc...

Page 148: ...database with domain name which is easy to be accessed Each item will be explained as follows Item Description Add Add a new VLAN ID setting Edit Modify the selected VLAN ID setting To edit VALN ID se...

Page 149: ...ured for such profile Alias Domain Name Display the alias domain name for such profile Mapping Display the IP address that domain name and domain name alias will be mapped to Applied to Display which...

Page 150: ...in name alias domain name When you choose FORWARD you need to type the IP address of DNS server as the mapping target IP Address Type the IP address in this field Then the above domain and or alias do...

Page 151: ...te network interface based on the following web page setup In the Routing group click the Load Balance Pool option This page allows the user to integrate several WAN profiles as a pool profile specifi...

Page 152: ...Balance rule Primary Profile Display the primary profile configured in Failover page for such profile Backup Profile Display the backup profile configured in Failover page for such profile There are t...

Page 153: ...e Available parameters are listed as follows Item Description Profile Type the name of the profile Mode Choose Load Balance as the Mode selection Interface Click Add A new line for adding new entry wi...

Page 154: ...e Choose Backup as the Mode selection Available parameters are listed as follows Item Description Profile Type the name of the profile Mode Choose Backup as the Mode selection Primary Profile In defau...

Page 155: ...to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected static route setting To delete a static ro...

Page 156: ...this box to enable such profile Destination IP Address Type the IP address for such static route profile Subnet Mask Use the drop down list to choose the subnet mask for such static route profile Gat...

Page 157: ...ete Remove the selected static route setting To delete a static route setting simply select the one you want to delete and click the Delete button Refresh Renew current web page Rename Allow to modify...

Page 158: ...ic route profile Enable Check this box to enable such profile Destination IP Address Type the IP address for such static route profile Prefix Length Type the prefix length for such profile Nexthop Typ...

Page 159: ...new static route setting Edit Modify the selected static route setting To edit static route setting simply select the one you want to modify and click the Edit button The edit window will appear for y...

Page 160: ...me of the static route profile Enable Check this box to enable such profile WAN Profile Choose one of the WAN USB profiles of the gateway for such profile LAN Profile Choose one of the LAN profiles fo...

Page 161: ...in order to force the traffic going to dedicate network interface Strict Bind Through dedicated interface WAN LAN the data can be sent from the source IP to the destination IP Address Mapping Allows...

Page 162: ...e priority of such rule Protocol Display the protocol of such rule Time Objects Display the name of time object Service Type Objects Display the name of service type Source Display the name of the sou...

Page 163: ...ble such profile Priority Choose the priority for such profile top high and normal Protocol Choose a protocol ALL TCP UDP TCP UDP and ICMP for such rule applied to load balance All is the default sett...

Page 164: ...Subnet is selected as Destination Type IP Address Type an IP address here as the destination IP address for such rule Subnet Mask Use the drop down list on the right to choose a suitable mask for the...

Page 165: ...ng will be used for such route rule Use IP Alias Click Enable to enable such function Or click Disable to disable such function When Enable is chosen choose an alias WAN IP address to replace the defa...

Page 166: ...you choose LAN as out going interface Mode Specify which mode NAT or Routing will be used for such route rule Use IP Alias Click Enable to enable such function Or click Disable to disable such functi...

Page 167: ...r such route rule Failover to the Next Rule When the specified interface disconnects due to some reason the router can use next route rule to perform data transmission automatically Click Enable to en...

Page 168: ...h policy route to perform data transmission When target When certain IP or domain connects successfully or fails to connect for several seconds Vigor router will treat the selected interface as discon...

Page 169: ...mple you might configure settings as Out going Rule User Defined Out going interface wan1 Failover Enable when target 8 8 8 8 ping Fail for 5 seconds Then it means even if wan1 connects to network alw...

Page 170: ...dress of the NAT host will be mapped into either 202 211 100 10 or 203 98 200 10 which IP or mapping is decided by the internal load balancing algorithm With address mapping feature you can manually c...

Page 171: ...following page set main WAN IP address as 202 211 100 10 Click Add on IP Alias to configure the other IP address which is 202 211 100 11 4 After finished configuration for WAN1 continue to configure...

Page 172: ...Apply to save the settings 6 Open Routing Policy Route and click Add to create a new profile 7 In the following page check the box of Enable Choose Object as the Source Type and choose IP range object...

Page 173: ...above configuration you have specified the outgoing IP address es for some specific computers Now you bind some specific computers to some WAN IP alias for outgoing traffic VoIPon www voipon co uk sal...

Page 174: ...The following figure shows a simple application of load balance WAN1 and WAN2 can be used to access into Internet The PC in LAN1 can send the data to the remote PC through the specified WAN1 1 Access...

Page 175: ...Balance Pool as Out going Rule choose WAN1 as the Load Balance Rule click Disable for Failover to Next Rule 4 After finished the above settings click Apply to save the configuration Now any packets f...

Page 176: ...ic cy y R Ro ou ut te e A LAN to LAN VPN tunnel is built between DrayTek VPN router e g Vigor3900 and the remote router Enterprise firewall router in Headquarter can control the all of the traffic com...

Page 177: ...ce IP address with 172 16 3 25 choose User Defined as Out going Rule choose lan1 as the Out going Interface type 192 168 1 2 as the Out going Gateway and click Disable for Failover to Next Rule 4 Afte...

Page 178: ...ce Pool Name Display the WAN profiles for user to choose as a default route In which wan1 to wan5 are factory default settings Auto Failover to Active WANs Enable Check it to let the network connectio...

Page 179: ...it will choose a correct route based on the method of Distance Vector Routing and use the Bellman Ford algorithm to calculate the routing table RIP can update the routing table automatically and find...

Page 180: ...metric It is suitable for large network and complicated data exchange Vigor 3900 supports up to OSPF version 2 only for IPv4 The Autonomous System AS used in OSPF indicates the largest entity and can...

Page 181: ...several areas Each area must be assigned with a dedicated number Note For the detailed information of OSPF application refer to section 3 2 How to Configure OSPF Apply Click it to save the settings C...

Page 182: ...0 255 255 255 255 or 0 4294967295 for that profile If you are not satisfied the settings simply click to remove the entry and then re type the settings 5 Click Apply to save the settings and exit the...

Page 183: ...her BGP routers Define the IP address AS number for the router is essential for TCP connection of BGP routing information exchange AS the abbreviation of Autonomous System is a group interconnected wi...

Page 184: ...the Neighbor tab in Routing BGP configuration Neighbor IP Display the neighbor IP address configured successfully in the Neighbor tab in Routing BGP configuration Neighbor AS Display the autonomous s...

Page 185: ...r a router in an autonomous system In an OSPF autonomous system routers on both ends cannot be set with same router IDs Static Networks Define the IP addresses forming network range which allow to be...

Page 186: ...modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a profile simply select the...

Page 187: ...follows Item Description Profile Type the name of the profile Enable Check the box to enable this profile Neighbor IP Address Type the private IP used for this profile Autonomous System number Type t...

Page 188: ...esses to a globally routable IP address so that local hosts can communicate with the router and access the Internet 4 4 4 4 1 1 P Po or rt t R Re ed di ir re ec ct ti io on n Port Redirection means po...

Page 189: ...u want to delete and click the Delete button Move Up Change the order of selected profile by moving it up Move Down Change the order of selected profile by moving it down Rename Allow to modify the se...

Page 190: ...the private port H Ho ow w t to o a ad dd d a a n ne ew w P Po or rt t R Re ed di ir re ec ct ti io on n p pr ro of fi il le e 1 Open NAT Port Redirection 2 Simply click the Add button 3 The followin...

Page 191: ...ublic Port End It is available when Range to One or Range to Range port or Range to Range IP is selected as Port Redirection Mode Type the starting ending number of the public port For Range to One se...

Page 192: ...server may keep average workload and the network will not become slowly or interrupted due to large traffic Each item will be explained as follows Item Description Add Add a new server load balance p...

Page 193: ...isplay the WAN interface of this profile IP Alias Display the selected WAN IP address Port Display the port value used by WAN interface H Ho ow w t to o a ad dd d a a n ne ew w s se er rv ve er r l lo...

Page 194: ...network inserted as a neutral zone between a company s private network and the outside public network It prevents outside users from getting direct access to company network A DMZ is an optional and...

Page 195: ...you want to delete and click the Delete button Rename Allow to modify the selected profile name Refresh Renew current web page Profile Display the name of the profile Enable Display the status of the...

Page 196: ...lias that can be selected and used for port redirection Before using it please go to WAN General Setup and enable the wan1 profile Add several IP addresses under Static mode for wan1 DMZ Host IP Type...

Page 197: ...to such profile Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply 5 A new profile has been added onto DMZ H...

Page 198: ...P message and RTP packets of voice being transmitting and receiving correctly via NAT Available parameters are listed as follows Item Description Enable SIP ALG Check the box to enable the Mirror func...

Page 199: ...2 H H 3 32 23 3 A AL LG G The H 323 ALG allows incoming and outgoing VoIP calls passing through NAT If required check the box and click Apply to save the settings VoIPon www voipon co uk sales voipon...

Page 200: ...as follows Item Description TCP Timeout Set a time limit for sessions established by TCP except Port 80 and Port 443 UDP Timeout Set a time limit for sessions established by UDP TCP WWW Timeout Set a...

Page 201: ...onfigure the Firewall Users can select IP Filter DoS Defense MAC Block and Port Block options from Firewall menu The DoS Defense facility can detect and mitigate the DoS attacks 4 4 5 5 1 1 F Fi il lt...

Page 202: ...wn Profile Number Limit Display the total number of the profiles to be created Group Display the name of the IP filter group profile Enable Display the status of the profile False means disabled True...

Page 203: ...create filter rule by clicking on the left side of the selected IP filter group profile A setting page will appear for you to add new IP filter rule profile 7 Move your mouse to click Add 8 The follow...

Page 204: ...not match further rules will be dropped Accept If No Further Match A packet matching the rule and that does not match further rules will be passed through Connection Limit Limiting the number of pack...

Page 205: ...rt Syslog File Input Interface Choose one of the LAN or WAN profiles as data receiving interface Output Interface Choose one of the LAN or WAN profiles as data transmitting interface Time Schedule Tim...

Page 206: ...display the profile selection box Choose one or more object profiles from the drop down list The selected profile will be treated as source target You can click to create another new object profile or...

Page 207: ...Enter all the settings and click Apply 10 A new IP filter rule has been added under the IP Filter Group named IPF_Market in this case Note You can create multiple IP filter rules under a certain IP F...

Page 208: ...he Delete button Refresh Renew current web page Move Up Change the order of selected profile by moving it up Move Down Change the order of selected profile by moving it down Profile Number Limit Displ...

Page 209: ...for the profile Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 4 Enter all of the settings and click Apply 5 A new filter group has been added 6...

Page 210: ...m Description Profile Type the name of the IP filter rule Enable Check the box to enable this profile Action The action to be taken when packets match the rule Block Packets matching the rule will be...

Page 211: ...er new time object profile Time Group Click the triangle icon to display the profile selection box Choose a schedule group profile to be applied on such rule You can click to create another new time g...

Page 212: ...n target You can click to create another new IP object profile Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 9 Enter all of the settings and cli...

Page 213: ...u to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Move Up Change the...

Page 214: ...red rectangle Available parameters are listed as follows Item Description Profile Type the name of the application filter profile Enable Check the box to enable this profile Syslog Click Enable to mak...

Page 215: ...les from the drop down list The selected object will be filtered by the router when such application filter profile is applied You can click to create another new object profile or click the edit icon...

Page 216: ...Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the select...

Page 217: ...into the blocked web page Disable Type the message manually to display on the page that the user tries to access into the blocked web page Default Web Category Administration Message Such field is av...

Page 218: ...the System Maintenance Syslog Mail Alert Syslog File Time Schedule Time Object Click the triangle icon to display the profile selection box Choose a schedule profile to be applied on such application...

Page 219: ...play the profile selection box Choose e one or more keyword object profiles from the drop down list which will be allowed not be allowed to pass through the router You can click to create another new...

Page 220: ...ew current web page Move Up Change the order of selected profile by moving it up Move Down Change the order of selected profile by moving it down Rename Allow to modify the selected profile name Profi...

Page 221: ...tion Profile Type the name of the QQ filter profile Enable This Profile Check the box to enable this profile Time Profile Use the drop down list to specify a time profile for such profile You can clic...

Page 222: ...ul lt t P Po ol li ic cy y Default policy will be applied to all of the incoming packets if IP Filter Application Filter URL Web Category Filter and QQ Filter are not suitable for the incoming packets...

Page 223: ...on Disable No inspection will be performed Enable Packet inspection will be performed Packets Number If Packet Inspection is enabled choose a packet number for filtering Available settings are from 4...

Page 224: ...oming from unknown unicast storm Unknown Multicast Storm Defense Click Enable to block the packets attacks coming from unknown multicast storm Storm Filtering Rate Type a number 1 4096 unit of 64Kpbs...

Page 225: ...hin the user defined timeout period ICMP Flood Threshold The default setting for threshold is 250 packets per second ICMP Flood Timeout The default setting for timeout is 10 seconds Block UDP Flood Cl...

Page 226: ...ny broadcast UDP packets received from the Internet are blocked Block Tear Drop Click Enable to activate the Block Tear Drop function This attack involves the perpetrator sending overlapping packets t...

Page 227: ...ou to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Rename Allow to m...

Page 228: ...Check the box to enable this profile MAC Address Type the MAC address which will be blocked by the system for such profile Apply Click it to save and exit the dialog Cancel Click it to exit the dialo...

Page 229: ...ply click the tab of IP Filter IPv6 Filter Application Filter or URL Web Category Filter to get the status for each filter If there is no data counter number is 0 for certain rule displayed on such pa...

Page 230: ...es based on IP service type keyword file extension instant message application P2P application protocol application web category QQ application time setting SMS service mail service and notification T...

Page 231: ...profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected pro...

Page 232: ...e address type Single Range Subnet for such profile Start IP Address Type the IP address of the starting point for such profile End IP Address Type the IP address of the ending point for such profile...

Page 233: ...Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete...

Page 234: ...iption Make a brief explanation for such profile if the group name is set not clearly Objects Use the drop down list to check the IP object profiles under such group All the available IP objects that...

Page 235: ...e Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 200 of...

Page 236: ...ffix Allow to specify suffix for IPv6 IP address Address Pool This field allows you to type IP address specify Tag number and type subnet mask based on IPv6 protocol Tag is an optional field only used...

Page 237: ...o modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the...

Page 238: ...en the mouse cursor is on it Choose a suitable mask selection Apply Click it to save the configuration Vendor Edit Click it to open a table of vendor list Check the one s you want The names for select...

Page 239: ...nd click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you wa...

Page 240: ...heck the box es for the country countries to be blocked by Firewall Apply Click it to save the configuration Cancel Click it to exit the dialog without saving anything 4 Enter all of the settings and...

Page 241: ...file To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 96 of the object profiles to be...

Page 242: ...lable for TCP UDP protocol It can be ignored for ICMP Type a port number 0 65535 as the ending source port Destination Port Start It is available for TCP UDP protocol It can be ignored for ICMP Type a...

Page 243: ...mply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To de...

Page 244: ...yped here is 10 Description Type some words to describe such group Objects Use the drop down list to check the service type object profiles under such group All the available service type objects that...

Page 245: ...t Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the sele...

Page 246: ...ing as Contents When you browse the webpage the page with gambling information will be watched out and be passed blocked based on the configuration on Firewall settings Add Type the word in the box of...

Page 247: ...elete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 100...

Page 248: ...the box of Member and click this button to add the new word as DNS object Save Click it to save the setting Click the icon to remove the selected entry Apply Click it to save the configuration Cancel...

Page 249: ...ettings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Lim...

Page 250: ...file extension you need Audio Several file extensions for Audio offered for you to choose Use the drop down list to check the box es to select the file extension you need Java Several file extensions...

Page 251: ...gnature Upgrade configuration page APP Support List APP Support List will display all of the applications with versions supported by Vigor router They are separated with types of IM P2P Protocol and O...

Page 252: ...imply click the Add button 3 The following dialog will appear Click IM to get the following page People like to use Instant Message to communication with friends on line just for fun or just because i...

Page 253: ...lly for the ones who always upload or download improper files to Internet P2P object setting lists all of the point to point application for you to choose to block Choose the one s you want to block a...

Page 254: ...Others to get the following page Item Description Tunneling Streamin g Remote Control Web HD Several protocols offered for you to choose Check the one s you want to add for such profile 4 Enter all o...

Page 255: ...with your DrayTek dealer Note 1 Web Content Filter WCF is not a built in service of Vigor router but a service powered by Commtouch If you want to use such service trial or formal edition you have to...

Page 256: ...play the items under certain category that you choose to block Chatting Display the items under certain category that you choose to block Computer Display the items under certain category that you cho...

Page 257: ...isit Chatting Simply check the one s that you don t want the user to use for gossip with remote people Computer Simply check the one s that you don t want the user to visit Other Simply check the one...

Page 258: ...After finishing the activation for the trial version of WCF remember to purchase Silver Card for WCF service from your DrayTek dealer or distributor VoIPon www voipon co uk sales voipon co uk Tel 0 3...

Page 259: ...s for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Dis...

Page 260: ...rofile Add Click this button to add a new account Save Click this button o save the new account Click this button to remove the selected account Description Type a brief explanation for the QQ object...

Page 261: ...ected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 16 of the object profil...

Page 262: ...e drop down list to select the object profiles under such group All the available objects that you have added on Objects Setting QQ Object will be seen here To clear the selected one click to remove c...

Page 263: ...ected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the tota...

Page 264: ...rofile The number of the characters allowed to be typed here is 10 Frequency Specify how often Weekdays or Once the schedule will be applied Start Date Specify the starting date of the time object pro...

Page 265: ...it a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selecte...

Page 266: ...o be typed here is 10 Description Make a brief explanation for such profile if the group name is set not clearly Objects Use the drop down list to check the time object profiles under such group All t...

Page 267: ...profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 10 of the object profiles to...

Page 268: ...vice provider which offers SMS service Username Type a user name that the sender can use to register to selected SMS provider The maximum length of the name you can set is 31 characters Password Type...

Page 269: ...and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected profile Delete Remove the selected profile To delete a rule simply select the one yo...

Page 270: ...Add button 3 The following dialog will appear Available parameters are listed as follows Item Description Profile Type a name for such SMS profile The maximum length of the name you can set is 20 cha...

Page 271: ...il service object profile has been created 4 4 6 6 1 18 8 N No ot ti if fi ic ca at ti io on n O Ob bj je ec ct t This page allows you to set ten profiles which will be applied in Application SMS Mail...

Page 272: ...splay if such function is enabled or disabled Router Reboot Display if such function is enabled or disabled Syslog Display if such function is enabled or disabled H Ho ow w t to o c cr re ea at te e a...

Page 273: ...stem will send the alert message to the recipient CPU Usage Enable When the CPU usage reaches a certain value the router system will send the alert message to the recipient Memory Usage Enable When th...

Page 274: ...Se et tt ti in ng g Such page is used to set the limit value for CPU Memory TX RX When CPU Memory TX RX usage reaches the threshold the router system will send the alert message to the recipient VoIP...

Page 275: ...an na ag ge em me en nt t User Management can manage all the accounts user profiles to connect to Internet via different protocols Below shows the menu items for User Management VoIPon www voipon co u...

Page 276: ...which only works after you choose HTTP or HTTPS as the Mode setting on General Setup page of User Management Web Portal Refer to section 4 7 1 2 General Setup to get more detailed information of setti...

Page 277: ...gs of web portal function Available parameters will be explained as follows Item Description Web Portal Click Enable to enable such function Use LAN DNS Choose one of the LAN DNS profile Login Mode Th...

Page 278: ...e It is available when Bulletin Board is enabled and HTTP HTTPS is selected as Login Mode It is used to determine showing bulletin in web portal login page or not Allow non HTTP traffic before Portal...

Page 279: ...specify the service provider which offers SMS service SMS Button Name It is a button with short message which will appear to remind the user that SMS is allowed to get username and password for acces...

Page 280: ...abled Type that time setting HH MM for the router to force online user leaving Vigor router Fully Recharge Time Quota After It is available when Daily Logout is enabled The time quota of all local use...

Page 281: ...e when Enable is selected in Upload Bulletin Message Choose a file to upload to Vigor3900 Bulletin Message It is available when Disable is selected in Upload Bulletin Message The bulletin message is s...

Page 282: ...4 7 7 2 2 U Us se er r P Pr ro of fi il le e This function allows to configure all accounts user profiles in Vigor3900 including PPTP L2TP SSL PPPoE System user and so on 4 4 7 7 2 2 1 1 U Us se er r...

Page 283: ...play the status of the profile False means disabled True means enabled System User Display the status of the System User False means disabled True means enabled Allow Web Portal Login Display the stat...

Page 284: ...ow FTP Server Login Display if FTP Server Login is activated enable or disable or not Allow SMABA Server Login Display if SMABA Server Login is activated enable or disable or not Allow Radius Server L...

Page 285: ...erate the function of the router as the administrator of the router False Choose it to disable the function of System User Such user profile does not have the right to operate the router s function Tr...

Page 286: ...phone e g e759bb6f0e94c7ab4fe6 SSL Proxy It is available when System User is set with false The web proxy over SSL will be applied for VPN To clear the selected one click to remove current object sel...

Page 287: ...fic that the user used Reset Click it to reset the setting to default value 0 MAC Binding Specify a MAC address which is limited and used for such PPPoE account Enable Click it to enable the function...

Page 288: ...ick it to enable the time quota function for all user profiles Modify Time Quota Value Check the box to configure detailed setting You have to check this box and type the time quota value in Time Quot...

Page 289: ...ogin Status Check the box to configure detailed setting Enable Click it to enable the SAMBA server authentication function all user profiles Apply to All Apply all of the modifications to all user pro...

Page 290: ...t Manually Auto generated with regularity Password Distinct password created by Administrator Randomly generated and the length is defined by Administrator Max Simultaneous users per account 1 255 or...

Page 291: ...P Address Click Apply to save the settings 5 Open User Management Guest Profile and click the Mass Guest Generator tab to open the following page Type the Group Name in this case Room Guest Name Prefi...

Page 292: ...roup to check the Mass User account Group By clicking each account e g choose 1001 and click Edit we can check the information for this account and we may also modify the account name and password man...

Page 293: ...Administrator is able to Export the information for the whole group to a csv file which is useful to redistribute the account and password combinations to guests VoIPon www voipon co uk sales voipon c...

Page 294: ...on Type Check IP object named of Boss to put it into the white list and this will allow this IP address to access to the Internet without authentication 8 After finishing configuration Vigor3900 will...

Page 295: ...Vigor3900 Series User s Guide 287 For Employees to access into Internet For Room guest to access into Internet VoIPon www voipon co uk sales voipon co uk Tel 0 330 088 0195 Fax 44 0 1245 808299...

Page 296: ...ton The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and clic...

Page 297: ...roup Type the name of such profile Enable Check this box to enable such profile Member Use the drop down list to check the user profile s under such group To clear the selected one click to remove cur...

Page 298: ...Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Clean Deadline Renew the usage time designated for such...

Page 299: ...ck Enable to enable such option Usage Time min Determines the connection time allowed for accessing Internet every time The default setting is 180 minutes When the time is up the user will be forced t...

Page 300: ...d click Apply 5 A new guest group profile has been created 6 You can create several guest names by clicking on the left side of the selected guest group profile A setting page will appear for you to a...

Page 301: ...scription for the guest Apply to Web Portal Enable Click it to make such profile being applied to web portal Disable Click it to disable the option Clean Deadline The guest profile can be unlocked to...

Page 302: ...ated as the starting number for generating mass guest profiles Note The range of Start index is 1 10000 Number to Generate Type the total number of guests to be generated at one time The guest name wi...

Page 303: ...ng the time with the format of HH MM SS Max Simultaneous Login It means the maximum online number of clients logging with this profile The range is from 1 to 255 1 means no limit 0 means No access App...

Page 304: ...authentication Available parameters are listed as follows Item Description Enable Check this box to enable such profile Use Local Radius Server Enable Choose it to use local RADIUS server for user au...

Page 305: ...interface can be authenticated by Vigor RADIUS server Port Clients can use the specified port number to exchange RADIUS information Authentication Client Only the clients specified in this field can...

Page 306: ...apply LDAP to search or list the directory object inquire or manage the active directory Available parameters are listed as follows Item Description Add Add a new profile Edit Modify the selected prof...

Page 307: ...is set with Regular Mode Logout After min Display the maximum usage duration for RADIUS authentication H Ho ow w t to o c cr re ea at te e a a n ne ew w L LD DA AP P A Ac ct ti iv ve e D Di ir re ec...

Page 308: ...common name identifier for the LDAP server The common name identifier for most LDAP server is cn Base DN It means Base Distinguished Name Type the distinguished name used to look up entries on the LD...

Page 309: ...you will be able to use the registered domain name to access the router or internal virtual servers from the Internet It is particularly helpful if you host a web server FTP server or other server beh...

Page 310: ...w current web page Auto Refresh Specify the interval of refresh time to obtain the latest status The information will update immediately when the Refresh button is clicked Profile Display the name of...

Page 311: ...nt WAN profile used by such DDNS profile Routing Policy Display the routing policy used by such DDNS profile Service Provider Display the name of service provider used by such profile Service Type Dis...

Page 312: ...profile will apply to Routing Policy Choose a routing policy applied to the DDNS profile selected wan first The DDNS profile will be applied to the traffic via WAN interface first then applied to oth...

Page 313: ...rofile Wildcard and Backup MX The Wildcard and Backup MX features are not supported for all Dynamic DNS providers You could get more detailed information from their websites Mail Extender Type the IP...

Page 314: ...DNS security is able to ensure that the incoming data is not falsified and the source of the data is secure and correct to prevent from DNS attack by someone Available parameters are listed as follow...

Page 315: ...that unsigned replies are allowed in those zones The cost of this is more upstream queries and slower performance Enable It will check if the unsigned DNS replies are unsigned or not Disable The unsig...

Page 316: ...d as follows Item Description Enable Check this box to enable GVRP function Interface Choose LAN and or WAN profiles To clear the selected one click to remove current object selections Join Time Defin...

Page 317: ...le in NAT mode Downstream Use the drop down list to specify the LAN profile as the destination of data coming from WAN interface defined in IGMP Proxy Channel IGMP via PPPoE Enable In LAN the PC which...

Page 318: ...ide the associated support for MSN Messenger to allow full use of the voice video and messaging features Available parameters are listed as follows Item Description Enable Check this box to enable UPn...

Page 319: ...ponent failure and the availability of backup resources The complexity of HA is determined by the availability needs and the tolerance of system interruptions Systems provide nearly full time availabi...

Page 320: ...one and take over the service While in the standby status the secondary nodes are still mirrored the configuration of primary in real time thus the whole systems are assured of having identical config...

Page 321: ...to save the settings 2 Set the value for Manual Mode Threshold After passing the time configured in Manual Mode Threshold if the system detects no master router existing then Manual Preemption Status...

Page 322: ...en the Master device fails one of the backup devices will be chosen by priority as the Master device to offer the network service for the connected PCs Available parameters are listed as follows Item...

Page 323: ...each access point in LAN will participate in different high availability sessions All the WAN interfaces can be active which provide more flexible utilization of network service When LAN1 in Router A...

Page 324: ...st status The information will update immediately when the Refresh button is clicked Profile Number Limit Display the total number 3 of the object profiles to be created Profile Display the name of th...

Page 325: ...router to identify which Master will be backed up Role LAN profiles configured for HA application can run independently and will not interfere with each other Therefore LAN1 Backup of router A can be...

Page 326: ...ty of Vigor router in HA application The less the number is the higher the priority shall be The router with the highest priority will be treated as the Master device in HA application IP Display the...

Page 327: ...you to wake up the bound IP If you choose Wake by MAC Address you have to type the correct MAC address of the host in MAC Address boxes If you choose Wake by IP Address you have to choose the correct...

Page 328: ...e profile To delete a profile simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Display the name of the profile Enable Display the status of p...

Page 329: ...one of the LAN profiles The computers specified in the selected LAN profile will be waken up remotely Apply Click it to save the configuration and exit the page Cancel Click it to exit the dialog with...

Page 330: ...corresponding settings for the selected profile Refresh Renew current web page Index Display the index number from 1 to 10 of the profile Enable Display the status of the profile False means disabled...

Page 331: ...the SMS provider object profile from the drop down list Such profiles can be created from Object Setting SMS Service Object Recipient Type the cell phone number to receive the SMS Notify Profile Choo...

Page 332: ...Refresh Renew current web page Index Display the index number from 1 to 10 of the profile Enable This Profile Display the status of the profile False means disabled True means enabled Mail Profile Dis...

Page 333: ...for receiving the mail Notify Profile Choose a profile specify the timing for sending SMS from the drop down list Such profiles can be created from Object Setting Notification Object Send A Test Mail...

Page 334: ...ta between two computers across a shared or public network in a manner that emulates the properties of a point to point private link Below shows the menu items for VPN and Remote Access 4 4 9 9 1 1 V...

Page 335: ...em Description Type Specify which protocol PPTP IPsec SSL will be used for such VPN profile VPN Settings Via Select From Current Settings Current VPN LAN to LAN profiles will be listed below such sett...

Page 336: ...as the Type you will get the following screen Available parameters are listed as follows Item Description Profile Display the name of the VPN profile Enable This Profile Check this box to enable such...

Page 337: ...ype the LAN IP address and LAN subnet mask for the remote host Route NAT Mode Specify the purpose for such profile Netbios Naming Packet Enable Click it to have an inquiry for data transmission betwee...

Page 338: ...ce Usually use the default setting leave it in blank Remote Host Type the WAN IP address for the remote host Remote IP Subnet Mask Type the LAN IP address and LAN subnet mask for the remote host More...

Page 339: ...encrypted and authenticated Choose AH to specify the IPSec protocol for the Authentication Header protocol The data will be authenticated but not be encrypted DPD Delay DPD means dead peer detection I...

Page 340: ...ype the IP address and subnet mask of local host Remote IP Subnet Mask Type the LAN IP address and LAN subnet mask for the remote host Route NAT Mode Specify the purpose for such profile Netbios Namin...

Page 341: ...figure VPN settings for VPN server Such wizard will guide to set the LAN to LAN profile for VPN dial in connection step by step H Ho ow w t to o c cr re ea at te e L LA AN N t to o L LA AN N p pr ro o...

Page 342: ...low such setting Choose the one you need Create New VPN Profile It allows you to create a new VPN LAN to LAN profile Simply type the name in the field of Profile Name The field of Profile Name is avai...

Page 343: ...cal host Remote IP Subnet Mask Type the LAN IP address and LAN subnet mask for the remote host Netbios Naming Packet Enable Click it to have an inquiry for data transmission between the hosts located...

Page 344: ...Specify the gateway for WAN interface Usually use the default setting leave it in blank Remote Host Type the WAN IP address for the remote host Remote IP Subnet Mask Type the LAN IP address and LAN su...

Page 345: ...Security Protocol Choose ESP to specify the IPSec protocol for the Encapsulating Security Payload protocol The data will be encrypted and authenticated Choose AH to specify the IPSec protocol for the...

Page 346: ...mote host Netbios Naming Packet Enable Click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting Disable When there is conflict occurred...

Page 347: ...ng 4 Fill in the required information on this page and click Finish A pop up window will appear 5 Click OK Then return to VPN and Remote Access VPN Server Wizard The new added VPN server profile will...

Page 348: ...igor Router to allow VPN tunnel pass through Available parameters are listed as follows Item Description Enable PPTP L2TP VPN Service Enable SSL Tunnel IPsec Service Check the box es to enable the ser...

Page 349: ...scription Authenticate Protocol The router will authenticate the dial in user with the protocol selected here PAP It means the router will attempt to authenticate dial in users with the PAP protocol C...

Page 350: ...DHCP request to the DHCP server PPTP MSS Type the maximum segment size MSS for PPTP VPN tunnel NetBIOS Naming Packet Pass Click it to have an inquiry for data transmission between the hosts located on...

Page 351: ...mpt to authenticate dial in users with the CHAP protocol User Authentication Type Set user authentication to Local server or RADIUS server LDAP profiles Choose a LDAP profile for PPTP Server if LDAP i...

Page 352: ...his page Enter all the settings and click Apply 4 4 9 9 4 4 3 3 S SS SL L V VP PN N This page display current status for VPN tunnel built with SSL protocol Available parameters are listed as follows I...

Page 353: ...via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through the router Block This is default setting Click this button to let mu...

Page 354: ...for IPSec network address translator traversal NAT T traffic IPsec MSS Type the port number for IPSec MSS Apply Click it to save the configuration Cancel Click it to discard the settings configured i...

Page 355: ...WAN interface selected for the profile Local IP Subnet Mask Display the LAN IP address with subnet mask of this profile Remote Host Display the name of the remote host of this profile Remote IP Subnet...

Page 356: ...t Through Choose a wan profile to be used by such profile Failover to Choose a wan profile which will lead the data passing through other WAN automatically when the selected WAN interface in Dial Out...

Page 357: ...available for Aggressive Mode enabled only Remote Peer ID Peer ID is on behalf of the IP address while identity authenticating with remote VPN server The length of the ID is limited to 47 characters...

Page 358: ...ll send the DPD packet to each other to ensure the IPSec tunnel connection is active still Disable Click it to disable DPD DPD Delay The keep alive timer A Hello message will be emitted periodically w...

Page 359: ...block data transmission of Netbios Naming Packet inside the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Enable Click this button to let multicast packets pa...

Page 360: ...alue is used for the remote client to authenticate the source of the packet The length is 4 bytes The Proposal tab lists encryption and authentication algorithms to be negotiated with the remote IPsec...

Page 361: ...the configuration Cancel Click it to exit the page without saving configuration Multiple SAs will negotiate IPSec SAs in IKE phase 2 to establish multiple IPSec tunnels for each subnet routing Config...

Page 362: ...to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 200 of the object profiles to be created Profile Display the name of LAN to LAN prof...

Page 363: ...g always on Dial Out Through Choose a wan interface to be used by such profile Then use the default WAN IP or specify a WAN Alias IP for VPN tunnel Failover to Choose a wan profile which will lead the...

Page 364: ...a transmission of Netbios Naming Packet inside the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Enable Click this button to let multicast packets pass through...

Page 365: ...rofile To delete a profile simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 200 for PPTP 50 for SSL of...

Page 366: ...reated in User Management User Profile previously Local IP Subnet Mask Type the IP address and subnet mask of local host Remote IP Subnet Mask Type the LAN IP address and LAN subnet mask for the remot...

Page 367: ...cription Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the c...

Page 368: ...owing dialog will appear Available parameters are listed as follows Item Description Profile Display the name of the profile Enable Check this box to enable this profile WAN Interface Specify a WAN in...

Page 369: ...Robin and Fastest Binding Tunnel Policy mechanism allows users to encrypt the data in transmission or specified service function in transmission and define specified VPN Tunnel for having effective ba...

Page 370: ...ply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 32 of the profiles to be created Profile Display the name...

Page 371: ...e Access VPN Profiles to create a new VPN profile with GRE function enabled first Weight Type a value in such field Failover Primary Interface Backup Interface Use the drop down list to specify the VP...

Page 372: ...button Refresh Renew current web page Profile Number Limit Display the total number 128 of the profiles to be created Profile Display the name of the profile Enable Display the status of the profile F...

Page 373: ...name of the profile Enable Check this box to enable such profile Protocol Choose the protocol for such profile Source IP Address Type the source IP address specified for this profile Source Mask Type...

Page 374: ...IPsec VPN PPTP SSL connection PPTP Click it to perform PPTP VPN connection Profile This filed displays the profile configured in LAN to LAN with Index number and VPN Server IP address The VPN connecti...

Page 375: ...8 2 2 H Hi is st to or ry y This page displays the history of VPN connection Each item will be explained as follows Item Description VPN Display the name of VPN profile Type Display the connection typ...

Page 376: ...icates Remember to adjust the time of Vigor router before using the certificate so that you can get the correct valid period of certificate Below shows the menu items for Certificate Management Local...

Page 377: ...to the router Generate Open another web page for generating the local certificate Name Display the name of trusted CA built Subject Display the subject of the trusted CA built Issuer Display the issu...

Page 378: ...tificate There are four types Domain Name Certificated by domain name IP Certificated by IP address Email Certificated by email address None Do not enter an ID value ID Value The ID value is determine...

Page 379: ...sphrase Such string will be used for confirmation while signing remote CA It is similar to a password but generally it is longer for security Apply Click it to create a new local certificate based on...

Page 380: ...r you specified above H Ho ow w t to o u up pl lo oa ad d a a l lo oc ca al l c ce er rt ti if fi ic ca at te e 1 Open Certificate Management Local Certificate 2 Click Upload to open the following dia...

Page 381: ...as follows 5 Click Upload The system will start to upload the selected file 4 4 1 10 0 2 2 T Tr ru us st te ed d C CA A C Ce er rt ti if fi ic ca at te e This page allows you to build a RootCA certif...

Page 382: ...CA mode type the required information and choose the required file e g Key Passphrase Key File PKCS12 Password and PKCS12 File Later click Upload on the dialog to upload the file onto Vigor router Del...

Page 383: ...w w t to o b bu ui il ld d a a t tr ru us st te ed d C CA A c ce er rt ti if fi ic ca at te e 1 Open Certificate Management Trusted CA Certificate 2 Simply click the Build RootCA button 3 The followin...

Page 384: ...to exit the web page without saving the configuration 4 Enter all the settings and click Apply 5 A new RootCA Certificate has been created 4 4 1 10 0 3 3 R Re em mo ot te e C Ce er rt ti if fi ic ca...

Page 385: ...to download an existing certificate to the router Sign Allow you to sign a requested certificate Name Display the name of remote certificate built Subject Display the subject of remote certificate bui...

Page 386: ...11 1 1 1 S SS SL L W We eb b P Pr ro ox xy y SSL Web Proxy will allow the remote users to access the internal web sites over SSL Each item will be explained as follows Item Description Add Add a new...

Page 387: ...erver Host IP Address If you type function variation as URL you have to type corresponding IP address in this filed Such field must match with URL setting Apply Click it to save the configuration Canc...

Page 388: ...esh Renew current web page Profile Number Limit Display the total number 30 of the profiles to be created Profile Display the name of the profile that you create IP Address Display the IP address for...

Page 389: ...cify the port used for this protocol The default setting is 5900 Scaling Chose the percentage 100 80 60 for such application Apply Click it to save the configuration Cancel Click it to exit the page w...

Page 390: ...select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 30 of the profiles to be created Profile Display the name of...

Page 391: ...rotocol Port Specify the port used for this protocol Screen Size Chose the screen size for such application Apply Click it to save the configuration Cancel Click it to exit the page without saving the...

Page 392: ...m will be explained as follows Item Description Auto Refresh Specify the interval of refresh time to obtain the latest status The information will update immediately when the Refresh button is clicked...

Page 393: ...ion of finite bandwidth resources to network or servers for supporting timing sensitive and mission critical network applications such as VoIP Voice over IP and online gaming applications Differentiat...

Page 394: ...ted profile Refresh Renew current web page WAN Display the WAN interface used for QoS Outgoing Status Display bandwidth for the outgoing data is enabled or disabled Outgoing Bandwidth Display the tota...

Page 395: ...it to disable the QoS profile Bandwidth Type the number as the total transmission rate for the outgoing incoming data The range can be set from 64000 to 10000000 Click the unit Kbps or Mbps for such r...

Page 396: ...s supported by Software QoS Available parameters are listed as follows Item Description WAN Use the drop down list to choose the WAN interface to apply hardware QoS Status Enable Click it to enable Qo...

Page 397: ...he one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected profile Delete Remove the selected profile To delete a pro...

Page 398: ...ay the queue number that such filter is categorized H Ho ow w t to o a ad dd d a a Q Qo oS S r ru ul le e p pr ro of fi il le e 1 Open Bandwidth Management QoS Rule 2 Simply click the Add button 3 The...

Page 399: ...is the lowest Local Address Click on the left side of the Source IP Object Source IP Group profile Check the object profile s as the source target Local IP Object Use the drop down list to choose one...

Page 400: ...eck the object profile s as the destination target Remote IP Object Use the drop down list to choose one of the destination IP objects for such rule profile Remote IP Group Use the drop down list to c...

Page 401: ...ptions TCP UDP and TCP UDP Select the protocol that you want to use Source Port Start End Type the start end number for the port range of the source port for such filter Destination Port Start End Typ...

Page 402: ...he process of data transmission Each item will be explained as follows Item Description Enable Enable Click it to enable VoIP QoS function SIP UDP Port Set a port number used for SIP Apply Click it to...

Page 403: ...erver on ISP Each item will be explained as follows Item Description Enable Enable Click it to enable DSCP Re Tag function High Medium Normal Low There are four queues allowed for QoS control Use the...

Page 404: ...t Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the sele...

Page 405: ...e Type the message manually to display on the page that the user tries to access into the blocked web page Default Connection Limit Administration Message Such field is available when you disable the...

Page 406: ...create another new time object profile Time Group Click the triangle icon to display the profile selection box Choose a schedule group profile to be applied on such rule You can click to create anoth...

Page 407: ...u to modify the corresponding settings for the selected profile Delete Remove the selected profile To delete a profile simply select the one you want to delete and click the Delete button Move Up Chan...

Page 408: ...ed of the downstream Enable Smart Bandwidth Limit Check this radio button to configure the default limitation for bandwidth for any LAN IP not included in the Limitation List Session Threshold When se...

Page 409: ...r the specific limitation you set for each index Do not type the value with 0 otherwise the profile cannot be saved RX Limit Kbps Define the limitation for the speed of the downstream If you do not se...

Page 410: ...Profile User Group LDAP Group Guest Group profiles from the drop down list The selected profile will be treated as source target You can click to create another new object profile Service target Clic...

Page 411: ...uter can be seen from USB Application Modem Support List For network connection via USB modem refer to WAN General Setup for detailed information 4 4 1 13 3 1 1 D Di is sk k S St ta at tu us s This pa...

Page 412: ...storage disk first At present the Vigor router can support USB storage disk with versions of FAT16 32 and EXT2 3 only Therefore before connecting the USB storage disk into the Vigor router please make...

Page 413: ...and the FTP server The default setting is 10 4 4 1 13 3 3 3 S SA AM MB BA A S Se er rv ve er r SAMBA server offers the file sharing service for users through a specified file folder Any user who want...

Page 414: ...w t to o a ad dd d e ed di it t a a S SM MA AB BA A f fo ol ld de er r p pr ro of fi il le e 1 Open USB Application SMABA Server and click SAMBA Folder tab 2 Click the Add button For an existed profil...

Page 415: ...e users sharing the SAMBA service to read and write the file stored under the sharing folder If Specific Users is selected you have to additionally specify Read Only User and Read Write User Read Only...

Page 416: ...State Auto It s the default setting Vigor router will detect if the connected device is printer or not If yes the printer server will be enabled automatically to activate the printer Enable The print...

Page 417: ...ar it is important to ensure that your server or data communications equipment are not overheating due to cooling system failures The inclusion of a USB thermometer in compatible Vigor routers will co...

Page 418: ...limit Type the upper limit and lower limit for the system to send out temperature alert Calibration Type a value used for correcting the temperature error Temperature Alert Time Interval The default...

Page 419: ...od de em m S Su up pp po or rt t L Li is st t Such page provides the information about the brand name and model name of the USB modems which are supported by Vigor router VoIPon www voipon co uk sales...

Page 420: ...rade and APP Support List Below shows the menu items for System Maintenance 4 4 1 14 4 1 1 T TR R 0 06 69 9 4 4 1 14 4 1 1 1 1 T TR R 0 06 69 9 This device supports TR 069 standard It is very convenie...

Page 421: ...Click Enable to make the log message being recorded by Syslog Periodic Status The default setting is Enable Please set periodic time for VigorACS to send notification to CPE Or click Disable to close...

Page 422: ...check this box Then type the server IP address server port minimum keep alive period and maximum keep alive period respectively Server Address Type the IP address of the STUN server Server Port Type t...

Page 423: ...the router Each item will be explained as follows Item Description Original Password Type the old password New Password Type the new password Confirm Password Re type the new password for confirmatio...

Page 424: ...rd Type a password for encrypting the file Confirm Password Retype the password for confirmation Encode Password in Config Choose it to encrypt the password information in configuration file Backup Ty...

Page 425: ...or decrypting the file for restoring it for use next time Password Type a password for encrypting the file Confirm Password Retype the password for confirmation Restore Type Choose one of the types to...

Page 426: ...reboot the router 4 4 1 14 4 3 3 3 3 A An na al ly ys si is s Such analysis page will show user defined settings result In comparing the default settings with information displayed in this page it wil...

Page 427: ...sL Lo og g F Fi il le e This page displays all the operation logs for the router Available parameters are listed as follows Item Description Refresh Renew the web page Download Log Save or open the Sy...

Page 428: ...le the function of log to USB USB Syslog Keep Days Type the days that USB disk will keep the log without deleting Router Name Type the name of the router The default name is Vigor Server IP Host Name...

Page 429: ...listed as follows Item Description Enable Check the box to enable such profile Mail From Type a mail address for the mail sender Mail To Assign a mail address for the mail receiver Add Click this but...

Page 430: ...login event VPN Mail Alert Enable Vigor router sends a mail as an alert to inform VPN connection Disable Vigor router does not send any mail to inform VPN connection Send A Test Mail Click it to send...

Page 431: ...me Type NTP Select to inquire time information from Time Server on the Internet using assigned protocol Browser Select this option to use the browser time from the remote administrator PC host as rout...

Page 432: ...user interface Disable No validation will be done when a user tries to log into the web user interface of Vigor router Fail Times to Trigger It is available when Use Validation Code is enabled The nu...

Page 433: ...you enable such function the system can be managed by these three IP addresses via WAN IP List Type the first IP address for the system administrator to login The former boxes indicate the IP address...

Page 434: ...ing the router from LAN interface Management Port Setup Web Port Type the port number for the management through web page Telnet Port Type the port number for the management through telnet page SSH Po...

Page 435: ...times allowed for a group of user account and password trying to login Vigor router Penalty Time This field is used to configure the blocking time The default setting is 60 seconds It means when a us...

Page 436: ...the box to make information related to access control recorded on Syslog PPTP IPsec Web HTTPS SSH Telnet FTP Access Barrier The port number used by these protocols always became the target attacked b...

Page 437: ...s private Default Host IP Mask Click Enable to use the default IP and mask of the host as the SNMP agent If you click Disable you need to type the IP address and choose the mask manually in related fi...

Page 438: ...reboot the router using the current configuration choose Reboot with Current Configurations and click Reboot To reset the router settings to default values click Reboot with Factory Default Configurat...

Page 439: ...ble Schedule Reboot and choose a time object from the drop down list of Schedule Time Object After clicking Apply Vigor router will reboot at the specified time Available parameters are listed as foll...

Page 440: ...e End Date Display the ending date of the profile End Time Display the ending time of the profile Weekdays Display which day in a week shall perform the reboot job H Ho ow w t to o a ad dd d a a s sc...

Page 441: ...page Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www DrayTek com or local DrayTek s web site and the FTP site is ftp DrayTek com Click System Maintenance F...

Page 442: ...e firmware upgrade 4 4 1 14 4 9 9 2 2 A Au ut to o F Fi ir rm mw wa ar re e U Up pg gr ra ad de e By clicking Check Update Install Update Vigor router can download upgrade firmware directly from websi...

Page 443: ...nd install the newest firmware version automatically Notify me when new firmware is available If it is enabled after detecting the newest firmware from the website Vigor router s system will automatic...

Page 444: ...patch version on local system Server Patch Version Display the latest patch version on DrayTek MyVigor server Server Patch Information Display detailed patch information Upgrade from Server Check Upda...

Page 445: ...grade_auto 1 Success Your firmware is up to date and need not to patch 4 4 1 14 4 1 10 0 A AP PP P S Si ig gn na at tu ur re e U Up pg gr ra ad de e The APP object profile adopted by Vigor router will...

Page 446: ...there is any newest signature available for use If yes Vigor router will download the newest signature from the website to the host Vigor router automatically Install Update If the signature informat...

Page 447: ...newest information automatically Server Choose a proper server for signature upgrade from the drop down list At present only two servers myvigor draytek com or myvigoreu draytek com are supported Sys...

Page 448: ...for the user to review related information 4 4 1 15 5 1 1 R Ro ou ut ti in ng g T Ta ab bl le e Click Diagnostics and click Routing Table to open the web page 4 4 1 15 5 1 1 2 2 R Ro ou ut ti in ng g...

Page 449: ...up H target is a host G use gateway R reinstate route for dynamic routing D dynamically installed by daemon or redirect M modified from routing daemon or redirect A installed by addrconf C cache entr...

Page 450: ...The system will display the records relating to the keyword Destination Display the destination IP address for various routings Next Hop Display the next hop address for such route Flags Display the f...

Page 451: ...shows a mapping between an Ethernet hardware address MAC Address and an IP address 4 4 1 15 5 2 2 1 1 A AR RP P C Ca ac ch he e T Ta ab bl le e Each item will be explained as follows Item Description...

Page 452: ...lear Delete the selected profile IP Object Click the Add button to add a new IP object for such 4 4 1 15 5 2 2 2 2 I IP Pv v6 6 N Ne ei ig gh hb bo or r T Ta ab bl le e Each item will be explained as...

Page 453: ...e to verify its reachability DELAY The neighbor is no longer to be reachable and the traffic has recently been sent to the neighbor Rather than probe the neighbor immediately however delay sending pro...

Page 454: ...on Refresh Renew the web page Search Move the mouse cursor onto the box of Search Click the mouse button and type the keyword inside the box The system will display the records relating to the keyword...

Page 455: ...r onto the box of Search Click the mouse button and type the keyword inside the box The system will display the records relating to the keyword Interface Display the interface used by the DHCP server...

Page 456: ...ype the keyword inside the box The system will display the records relating to the keyword Source Display the source IP address and port of local PC Destination Display the destination IP address and...

Page 457: ...AN profile WAN Use the drop down menu to choose a WAN profile Apply Click it to save the configuration configured under the Setup tab CPU Click the CPU tab There are three selections provided for you...

Page 458: ...7 days Recent 4 Weeks Display the information of LAN operation about recent 4 weeks WAN Click the WAN tab Network Interface Display the information of WAN operation There are three selections provide...

Page 459: ...of the host in the box and click Start The result of route trace will be shown on the screen Each item will be explained as follows Item Description Ping TraceRoute Click Ping to perform ping function...

Page 460: ...lows Item Description Enable Dataflow Monitor Check this box to enable dataflow monitor performed by the router Refresh Click it to renew the web page Chart Click this button to illustrate data chart...

Page 461: ...e Display the rate of data received TX Rate Display the rate of data transmitted RX byte Display the file size of data received TX byte Display the file size of data transmitted 4 4 1 15 5 9 9 2 2 S S...

Page 462: ...ll be used to capture the packets The default setting is All Host Port Type the IP address of the host or the post number that you want to monitor Start Click it to capturing the packets and display t...

Page 463: ...U Us se er r S St ta at tu us s This page displays related information of user status PPPoE Server User Management VPN Connection Management and SSL Proxy for reference VoIPon www voipon co uk sales v...

Page 464: ...aged 4 4 1 16 6 1 1 G Ge en ne er ra al l S Se et tu up p General Setup is used to configure settings which will be used by the clients to register to such Vigor router Click the tabs of General Setup...

Page 465: ...cond The range is from 60 86400 Apply Click it to save the configuration Cancel Click it to discard the settings configured in this page 4 4 1 16 6 1 1 2 2 V VP PN N G Ge en ne er ra al l S Se et tu u...

Page 466: ...igured in this page 4 4 1 16 6 2 2 C CP PE E M Ma an na ag ge em me en nt t All the CPEs managed by Vigor3900 can be seen with icons from this page 4 4 1 16 6 2 2 1 1 C CP PE E M Ma ai in nt te en na...

Page 467: ...or the CPE managed by Vigor3900 Edit To modify the name and location of specific CPE click the one you want and click the Edit button A pop up window will appear Simply change the name for identificat...

Page 468: ...the one you want to retrieve and click Restore Later the selected one will appear on the Managed Devices Status area again Maintenance This area displays all the profiles which are created for applyi...

Page 469: ...s Display the day s chosen for such profile Filename Display the filename of the firmware Status Display current status of the profile has been finished or not Refer to sections How to manage the CPE...

Page 470: ...eated profile Usually the name of the device will be assigned by Vigor3900 automatically If you want to give a name easy for easy recognition refer to 4 11 2 1 CPE Maintenance to specify another name...

Page 471: ...date specified below every week Start Date End Date It is available only when Once is selected as Schedule Specify the starting date ending date with the format YYYY MM DD Start Time End Time It is a...

Page 472: ...gh Vigor3900 for more detailed information If the VPN isn t established successfully a red line will appear instead PPTP To build a quick VPN connection with PPTP simply click the remote CPE waiting f...

Page 473: ...Note If the VPN connection has been established successfully a new LAN to LAN profile will be created for the CPE automatically See the following example Keep VPN Settings To avoid the VPN be disconne...

Page 474: ...sfully the basic information such as the connection type IP address RX RX will be displayed on this field Refresh Click it to refresh current page VPN Display the name of the VPN Type Display the type...

Page 475: ...Management VPN CPE Management and click the tab of Map 4 4 1 16 6 3 3 L Lo og g A Al le er rt t The Log page offers brief information to identify the CPE connected to Vigor3900 The Alert page offers b...

Page 476: ...mulated signal strength L Lo oa ad d B Ba al la an nc ce e f fo or r A AP P The parameters configured for Load Balance can help to distribute the traffic for all of the access points registered to Vig...

Page 477: ...y to browse on network for PC users and mobile users Menu items related to AP are General Setup Dashboard Status WLAN Profile Rogue AP Total Traffic Event Log Station Number AP Maintenance Traffic Gra...

Page 478: ...rt Type a port number for HTTP The default value is 9080 HTTPS Allow Click Enable to activate the HTTPS setting HTTPS Port Type a port number for HTTPS The default value is 9443 Username Type a userna...

Page 479: ...nformation for the VigorAP managed by Vigor3900 Available parameters are listed as follows Item Description Status Display current status connected or disconnected of the managed AP Device Name The na...

Page 480: ...he selected wireless access point Version Display the firmware version used by the access point Config Click it to open the configuration page of the selected VigorAP The device name Login username an...

Page 481: ...Display the name of the profile The default profile cannot be renamed Main SSID Display the SSID configured by such wireless profile Security Display the security mode selected by such wireless profi...

Page 482: ...It allows you to modify an existing wireless profile or create a new wireless profile Apply to Device Click it to apply the selected wireless profile to the specified Access Point Simply choose the de...

Page 483: ...of the selected profile 2 Click the Edit button to display the following page Note The function of Auto Provision is available for the default WLAN profile 3 After finished the general settings config...

Page 484: ...pen the following page for 5G wireless security settings 5 When you finished the above web page configuration click Finish to exit and return to the first page The modified WLAN profile will be shown...

Page 485: ...tatus page will be displayed based on the type Friendly Rogue Unknown of access points That is only the selected type Friendly Rogue Unknow will be shown on this page However if unknown is selected Vi...

Page 486: ...selected AP be classified as unknown AP Ch Display the channel used by the detected access point SSID Display the SSID specified for the detected access point BSSID Display the MAC address of the det...

Page 487: ...nt log for all of the APs managed by Vigor router will be shown on this page It is useful for troubleshooting if required Each item will be explained as follows Item Description Refresh Click it to re...

Page 488: ...WLAN or 5G WLAN used by wireless clients to access into Internet through VigorAP 4 4 1 17 7 9 9 A AP P M Ma ai in nt te en na an nc ce e Vigor router can execute configuration backup configuration res...

Page 489: ...the firmware upgrade of the selected AP reboot the selected AP remotely and perform the factory reset for the selected AP File Path Specify the file and the path which will be used to perform Config R...

Page 490: ...11 1 L Lo oa ad d B Ba al la an nc ce e The parameters configured for Load Balance can help to distribute the traffic for all of the access points registered to Vigor router Thus the bandwidth will no...

Page 491: ...t to specify the traffic limit for uploading Download Limit Use the drop down list to specify the traffic limit for downloading Action when Threshold Exceeded Stop accepting new connections When the a...

Page 492: ...Display a brief description e g ground roof of the AP Map Online APs Display the number of VigorAP configured and powered up Total APs Display the total number of VigorAP configured Clients Display t...

Page 493: ...supported for floor plan Next Click it to go to the next configuration page Cancel Click it to cancel the configuration 2 Click Next The configuration page with floor plan will be shown on the web pa...

Page 494: ...ist to the map on the left side 4 Check the box of Show AP Coverage on 5GHz 2 4 to display the signal coverage area 5 Adjust the AP on the map to find out which place can have the best wireless covera...

Page 495: ...the Client tab to list the AP management functions that the Access Points support under different firmware versions Click the Server tab to list the AP management functions that Vigor router supports...

Page 496: ...pen configuration pages in new designed web pages They are suitable and easy to browse on network for PC users and mobile users Menu items related to Switch are Status Profile Group Maintenance and Su...

Page 497: ...rmation for accessing password configuration of VigorSwitch is wrong or Telnet service is disabled Switch Name Display the name of VigorSwitch Group Display the name of the group IP Address Display th...

Page 498: ...igorSwitch Model Display the model name of VigorSwitch Firmware Version Display the firmware version that VigorSwitch current used Account It is used to change the password for accessing into VigorSwi...

Page 499: ...icon means the VigorSwitch does connect to Vigor3900 and is managed by Vigor3900 Grey icon means Vigor3900 is detecting such VigorSwitch still Red icon means Vigor3900 cannot access it to get status...

Page 500: ...are Version Display the firmware version that VigorSwitch current used Account It is used to change the password for accessing into VigorSwitch Add The one under New Switch List is allowed to be manag...

Page 501: ...to Device Current setting will be saved Meanwhile the configuration in VigorSwitch also will be rewritten immediately Type new values and click Send to Device for saving the configurations Then click...

Page 502: ...Vigor3900 Series User s Guide 494 VoIPon www voipon co uk sales voipon co uk Tel 0 330 088 0195 Fax 44 0 1245 808299...

Page 503: ...t a switch group Available settings are explained as follows Item Description Group Name Type a name as the group name Different switches can be classified within a group Existing Switch Display all o...

Page 504: ...ned as follows Item Description Action Type Five actions including configuration backup configuration restore configuration restore to router and switch remote reboot and factory reset are offered by...

Page 505: ...7 4 4 1 18 8 5 5 S Su up pp po or rt t L Li is st t This page lists all models of VigorSwitch which can be managed by Vigor3900 via Switch Management VoIPon www voipon co uk sales voipon co uk Tel 0 3...

Page 506: ...dress Display the MAC address of the external product IP Address Display the IP address of the external product Connection Time Display the connection time that the external product connecting to Vigo...

Page 507: ...4 4 2 20 0 P Pr ro od du uc ct t R Re eg gi is st tr ra at ti io on n Please refer to section 2 3 Register Vigor Router for more detailed information VoIPon www voipon co uk sales voipon co uk Tel 0...

Page 508: ...Vigor3900 Series User s Guide 500 This page is left blank VoIPon www voipon co uk sales voipon co uk Tel 0 330 088 0195 Fax 44 0 1245 808299...

Page 509: ...If all above stages are done and the router still cannot run normally it is the time for you to contact your dealer for advanced help 5 5 1 1 C Ch he ec ck ki in ng g I If f t th he e H Ha ar rd dw w...

Page 510: ...s listed below to make sure the network connection settings is OK F Fo or r W Wi in nd do ow ws s The example is based on Windows XP As to the examples for other operation systems please refer to the...

Page 511: ...ernet Protocol Version 4 TCP IP and then click Properties 5 Select Obtain an IP address automatically and Obtain DNS server address automatically Finally click OK VoIPon www voipon co uk sales voipon...

Page 512: ...e click on the current used Mac OS on the desktop 2 Open the Application folder and get into Network 3 On the Network screen select Using DHCP from the drop down list of Configure IPv4 VoIPon www voip...

Page 513: ...s 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista 7 The DOS command dialog will appear 3 Type ping 192 168 1 1 and press E...

Page 514: ...SP P S Se et tt ti in ng gs s a ar re e O OK K o or r N No ot t Open Online Status to check current network status Be careful to check if the settings coming from your ISP have been typed correctly o...

Page 515: ...ngs before you pressing The password of the factory default is null S So of ft tw wa ar re e R Re es se et t You can reset router to factory default via Web page Go to System Maintenance and choose Re...

Page 516: ...k If the router settings are correct at all and the router still does not connect to internet please contact your ISP technical support representative to help you for configuration Also if the router...