Draytek Vigor 3220 SERIES User Manual Download Page 301 | Manualshive

Page: 301 / 708

background image

Vigor2832 Series User’s Guide

289

S

S

t

t

a

a

t

t

e

e

f

f

u

u

l

l

P

P

a

a

c

c

k

k

e

e

t

t

I

I

n

n

s

s

p

p

e

e

c

c

t

t

i

i

o

o

n

n

(

(

S

S

P

P

I

I

)

)

Stateful inspection is a firewall architecture that works at the network layer. Unlike legacy
static packet filtering, which examines a packet based on the information in its header,

stateful inspection builds up a state machine to track each connection traversing all
interfaces of the firewall and makes sure they are valid. The stateful firewall of Vigor router

not only examines the header information also monitors the state of the connection.

D

D

e

e

n

n

i

i

a

a

l

l

o

o

f

f

S

S

e

e

r

r

v

v

i

i

c

c

e

e

(

(

D

D

o

o

S

S

)

)

D

D

e

e

f

f

e

e

n

n

s

s

e

e

The DoS Defense functionality helps you to detect and mitigate the DoS attack. The attacks

are usually categorized into two types, the flooding-type attacks and the vulnerability attacks.
The flooding-type attacks will attempt to exhaust all your system's resource while the

vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the
protocol or operation system.

The DoS Defense function enables the Vigor router to inspect every incoming packet based on

the attack signature database. Any malicious packet that might duplicate itself to paralyze
the host in the secure LAN will be strictly blocked and a Syslog message will be sent as warning,

if you set up Syslog server.

Also the Vigor router monitors the traffic. Any abnormal traffic flow violating the pre-defined

parameter, such as the number of thresholds, is identified as an attack and the Vigor router
will activate its defense mechanism to mitigate in a real-time manner.

The below shows the attack types that DoS/DDoS defense function can detect:

1. SYN flood attack

2. UDP flood attack
3. ICMP flood attack

4. Port Scan attack
5. IP options

6. Land attack
7. Smurf attack

8. Trace route

9. SYN fragment

10. Fraggle attack
11. TCP flag scan

12. Tear drop attack
13. Ping of Death attack

14. ICMP fragment
15. Unassigned Numbers

«
...
299
300
301
302
303
...
»

Summary of Contents for Vigor 3220 SERIES

Page 1: ......

Page 2: ...Vigor2832 Series User s Guide ii Vigor2832 Series ADSL2 2 Security Firewall User s Guide Version 1 1 Firmware Version V3 8 3 1 For future update please visit DrayTek web site Date April 19 2016...

Page 3: ...arrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep yo...

Page 4: ...ovide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance...

Page 5: ...USB 42 I 7 Service Activation Wizard 44 I 8 Registering Vigor Router 47 Part II Connectivity 51 II 1 WAN 52 Web User Interface 54 II 1 1 General Setup 54 II 1 1 1 WAN1 ADSL VDSL 55 II 1 1 2 WAN2 Ether...

Page 6: ...t TCP IP and DHCP Setup 114 II 2 1 2 Details Page for LAN1 LAN4 IPv6 Setup 116 II 2 1 3 Details Page for LAN2 LAN4 119 II 2 1 4 Details Page for IP Routed Subnet 120 II 2 2 VLAN 122 II 2 3 Bind IP to...

Page 7: ...Balance for Packets 193 Part III Wireless LAN 195 III 1 Wireless LAN 196 Web User Interface 199 III 1 1 Wireless Wizard 199 III 1 2 General Setup 202 III 1 3 Security 204 III 1 4 Access Control 206 II...

Page 8: ...all 288 Web User Interface 290 V 1 1 General Setup 290 V 1 2 Filter Setup 295 V 1 3 DoS Defense 304 Application Notes 308 A 1 How to Configure Certain Computers Accessing to Internet 308 V 2 CSM Centr...

Page 9: ...4 VI 2 2 Bandwidth Limit 376 VI 2 3 Quality of Service 378 VI 2 4 APP QoS 385 Application Notes 387 A 1 How to Optimize the Bandwidth through QoS Technology 387 A 2 QoS Setting Example 392 VI 3 User M...

Page 10: ...from USB storage device connecting to Vigor router 460 Part VIII Troubleshooting 464 VIII 1Diagnostics 465 Web User Interface 466 VIII 1 1 Dial out Triggering 466 VIII 1 2 Routing Table 467 VIII 1 3...

Page 11: ...8 Contacting DrayTek 491 Appendix I VLAN Applications on Vigor Router 492 Part IX DrayTek Tools 500 X 1 SmartVPN Client 501 X 1 1 DrayTek Android based SmartVPN APP for the establishment of SSL VPN c...

Page 12: ......

Page 13: ...Vigor2832 Series User s Guide 1 P Pa ar rt t I I I In ns st ta al ll la at ti io on n This part will introduce Vigor router and guide to install the device in hardware and software...

Page 14: ...P layer QoS NAT session bandwidth management to help users control works well with large bandwidth By adopting hardware based VPN platform and hardware encryption of AES DES 3DES the router increases...

Page 15: ...outer is ready to access Internet through DSL link DSL Blinking Slowly The DSL connection is ready Quickly The connection is training On The VPN tunnel is active Off VPN services are disabled VPN Blin...

Page 16: ...reless function is ready the green LED will be on WLAN Off Press the button and release it within 2 seconds to turn off the WLAN function When the wireless function is not ready the LED will be off WP...

Page 17: ...n Ethernet cable RJ 45 to the LAN port of the router and the other end of the cable RJ 45 into the Ethernet port on your computer Or use a switch to connect Vigor router and computer s 3 Connect one e...

Page 18: ...Cs connected this router can print documents via the router The example provided here is made based on Windows 7 For other Windows system please visit www DrayTek com Before using it please follow the...

Page 19: ...ser s Guide 7 4 A dialog will appear Click Add a local printer and click Next 5 In this dialog choose Create a new port In the field of Type of port use the drop down list to select Standard TCP IP Po...

Page 20: ...User s Guide 8 6 In the following dialog type 192 168 1 1 router s LAN IP in the field of Hostname or IP Address and type 192 168 1 1 as the Port name Then click Next 7 Click Standard and choose Gene...

Page 21: ...your system will ask you to choose right name of the printer that you installed onto the router Such step can make correct driver loaded onto your PC When you finish the selection click Next 9 Type a...

Page 22: ...Vigor2832 Series User s Guide 10 10 Choose Do not share this printer and click Next 11 Then in the following dialog click Finish...

Page 23: ...uide 11 12 The new printer has been added and displayed under Printers and Faxes Click the new printer icon and click Printer server properties 13 Edit the property of the new printer you have added b...

Page 24: ...Vigor2832 Series User s Guide 12 14 Select LPR on Protocol type p1 number 1 as Queue Name Then click OK Next please refer to the red rectangle for choosing the correct protocol and LPR name...

Page 25: ...additional functions are not supported If you do not know whether your printer is supported or not please visit www draytek com to find out the printer list Open Support FAQ Application Notes find ou...

Page 26: ...he same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of the guide 2 Open a web browser on your PC and ty...

Page 27: ...ferent slightly in accordance with the type of the router you have 5 The web page can be logged out according to the chosen condition The default setting is Auto Logout which means the web configurati...

Page 28: ...e type admin admin as Username Password for accessing into the web user interface with admin mode 3 Go to System Maintenance page and choose Admin Setting 4 Enter the login password the default is adm...

Page 29: ...Vigor2832 Series User s Guide 17 Info Even the password is changed the Username for logging onto the web user interface is still admin...

Page 30: ...of the main page A web page with default selections will be displayed on the screen Refer to the following figure I I 5 5 1 1 V Vi ir rt tu ua al l P Pa an ne el l On the top of the Dashboard a virtua...

Page 31: ...out the LED display refer to I 1 1 LED Indicators and Connectors I I 5 5 2 2 N Na am me e w wi it th h a a L Li in nk k A name with a link e g Router Name Current Time WAN1 4 and etc below means you c...

Page 32: ...d under Quick Access The function links of System Status Dynamic DDNS TR 069 User Management IM P2P Block Schedule Syslog Mail Alert LDAP RADIUS Firewall Object Setting and Data Flow Monitor are displ...

Page 33: ...indicates that the traffic would be transmitted through LAN port s and then the WAN port The purpose is to perform the traffic monitor of the host s I I 5 5 4 4 G GU UI I M Ma ap p All the functions t...

Page 34: ...lnet command via DOS prompt The changes made by using web console have the same effects as modified through web user interface The functions settings modified under Web Console also can be reviewed on...

Page 35: ...Config Backup icon It allows you to backup current settings as a file Such configuration file can be restored by using System Maintenance Configuration Backup Simply click the icon on the top of the...

Page 36: ...e S St ta at tu us s I I 5 5 8 8 1 1 P Ph hy ys si ic ca al l C Co on nn ne ec ct ti io on n Such page displays the physical connection status such as LAN connection status WAN connection status ADSL...

Page 37: ...ical connection VDSL ADSL Ethernet or USB of this interface Name Display the name of the router Mode Displays the type of WAN connection e g PPPoE Up Time Displays the total uptime of the interface IP...

Page 38: ...n e g TSPC Up Time Displays the total uptime of the interface IP Displays the IP address of the WAN interface Gateway IP Displays the IP address of the default gateway Info The words in green mean tha...

Page 39: ...word After typing the password please click Next On the next page as shown below please select the WAN interface WAN 1 to WAN4 that you use If DSL interface is used please choose WAN1 if Ethernet inte...

Page 40: ...Type the packet priority number for such VLAN The range is from 0 to 7 Please select the appropriate Internet access type according to the information from your ISP Click Next P PP PP Po oE E P PP PP...

Page 41: ...omatically VCI Type in the value provided by ISP Fixed IP Click Yes to enable Fixed IP feature IP Address Type the IP address if Fixed IP is enabled Primary DNS Type in the primary IP address for the...

Page 42: ...rd Type a valid password provided by the ISP Confirm Password Retype the password Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to gi...

Page 43: ...ld is provided for ADSL only You have to choose encapsulation and type the values for VPI and VCI Or click Auto detect to find out the best values Fixed IP Click Yes to enable Fixed IP feature IP Addr...

Page 44: ...Start Wizard Setup OK will appear Then the system status of this protocol will be shown 4 Now you can enjoy surfing on the Internet I I 6 6 2 2 F Fo or r W WA AN N2 2 E Et th he er rn ne et t WAN2 is...

Page 45: ...E PPPoE stands for Point to Point Protocol over Ethernet It relies on two widely accepted standards PPP and Ethernet It connects users through an Ethernet to the Internet with a common broadband medi...

Page 46: ...ser name provided by the ISP Note The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you can...

Page 47: ...the Username Password provided by your ISP Click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol w...

Page 48: ...ined as follows Item Description Username Assign a specific valid user name provided by the ISP The maximum length of the user name you can set is 63 characters Password Assign a valid password provid...

Page 49: ...erver Type the IP address of the server Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 Please type...

Page 50: ...ext to continue Available settings are explained as follows Item Description WAN IP Type the IP address Subnet Mask Type the subnet mask Gateway Type the IP address of gateway Primary DNS Type in the...

Page 51: ...he IP address information originally provided by your ISP Then click Next for next step 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be...

Page 52: ...ilable settings are explained as follows Item Description Host Name Type the name of the host Note The maximum length of the host name you can set is 39 characters MAC Some Cable service providers spe...

Page 53: ...finished the settings above click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 N...

Page 54: ...ription Internet Access Choose one of the selections as the protocol of accessing the internet 3G 4G USB Modem PPP mode SIM Pin code Type PIN code of the SIM card that will be used to access Internet...

Page 55: ...to connect Internet with the mode specified here If you choose 4G 3G 2G as network mode the router will choose a suitable one according to the actual wireless signal automatically APN Name APN means...

Page 56: ...tool which allows you to use trial version of WCF directly without accessing into the server MyVigor located on http myvigor draytek com For using Web Content Filter Profile please refer to later sect...

Page 57: ...dwide There is a 30 day trial period After trial you can purchase DrayTek s prepared Commtouch GlobalView WCF package from retailing outlets BPjM is WCF for German Speaking users The fragfINN is white...

Page 58: ...l be activated and applied as the default rule configured in Firewall General Setup 6 Now the web page will display the service that you have activated according to your selection s The valid time for...

Page 59: ...register your Vigor router to MyVigor website for getting more service Please follow the steps below to finish the router registration 1 Please login the web configuration interface of Vigor router b...

Page 60: ...section Creating an Account for MyVigor to create your own one Please read the articles on the Agreement regarding user rights carefully while creating a user account 4 The following page will be disp...

Page 61: ...pup calendar it appears when you click on the box of Registration Date After adding the basic information for the router please click Submit 6 When the following page appears your router information h...

Page 62: ...Vigor2832 Series User s Guide 50 This page is left blank...

Page 63: ...f subnets regulated and ruled by router The design of network structure is related to what type of public IP addresses coming from your ISP When the data flow passing through the Network Address Trans...

Page 64: ...private addresses and the packets will be delivered to the correct host PC in the local area network Thus all the host PCs can share a common Internet connection G Ge et t Y Yo ou ur r P Pu ub bl li...

Page 65: ...still can be used and Load Balance can be done in the router Besides 3G 4G USB Modem in WAN3 WAN4 also can be used as backup device Therefore when WAN1 and WAN2 are not available the router will use 3...

Page 66: ...s disabled If you want to enable it simply click the WAN2 link and select Yes in the field of Enable Available settings are explained as follows Item Description Load Balance Mode This option is avail...

Page 67: ...hysical line is connected by ADSL automatically Therefore this page allows you to configure settings for ADSL at one time That is it is not necessary for you to configure different profile settings fo...

Page 68: ...n to make the WAN1 connection being activated always Load Balance Check this box to enable auto load balance function for such WAN interface When the data traffic is large the WAN interface with the f...

Page 69: ...de please type the line speed for downloading and uploading for such WAN interface The unit is kbps VLAN Tag insertion Enable Enable the function of VLAN with tag The router will add specific VLAN num...

Page 70: ...ce by checking the WAN box After finished the above settings click OK to save the settings I II I 1 1 1 1 3 3 W WA AN N3 3 W WA AN N4 4 U US SB B To use 3G 4G network connection through 3G 4G USB Mode...

Page 71: ...WAN interfaces in connection status Active When If you choose Failover as the Active Mode the option of Active When will appear Any of the selected WAN disconnect Such WAN connection will be activate...

Page 72: ...Physical Mode for WAN interface the Access Mode for these connections also varies Refer to the following figures And And Available settings are explained as follows Item Description Index Display the...

Page 73: ...ows you to configure DHCP client options DHCP packets can be processed by adding option number and data information when such function is enabled and configured Enable Check the box to enable the func...

Page 74: ...by your ISP These settings configured here are specified for ADSL only Multi PVC channel The selections displayed here are determined by the page of Internet Access Multi PVCs Select M PVCs Channel m...

Page 75: ...ugh ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection If you choose Ping Detect as the detection mode you have to type required settings for t...

Page 76: ...c IP addresses other than the current one you are using Fixed IP Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address Default MAC Address You can use Default MA...

Page 77: ...n Drop down the list to choose the type provided by ISP VPI Type in the value provided by ISP VCI Type in the value provided by ISP Modulation Default setting is Multimode Choose the one that fits the...

Page 78: ...enabled When both Bridge Mode and Firewall check boxes are enabled the settings configured user profiles under User Management will be ignored And all of the filter rules defined and enabled in Firewa...

Page 79: ...C Address Type in the MAC address for the router manually DNS Server IP Address Type in the primary IP address for the router If necessary type in secondary IP address for necessity in the future Afte...

Page 80: ...ose Ping Detect as detection mode you also can enable this setting to use current WAN gateway IP address for pinging With the IP address es pinging Vigor router can check if the WAN connection is on o...

Page 81: ...ag ge e f fo or r S St ta at ti ic c o or r D Dy yn na am mi ic c I IP P i in n E Et th he er re en ne et t W WA AN N For static IP mode you usually receive a fixed public IP address or a public subne...

Page 82: ...terval Enter the interval for the system to execute the PING operation WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping...

Page 83: ...he filter rules defined and enabled in Firewall menu will be activated Bridge Subnet Make a bridge between the selected LAN subnet and such WAN interface WAN IP Network Settings This group allows you...

Page 84: ...t MAC Address Click this radio button to use default MAC address for the router Specify a MAC Address Some Cable service providers specify a specific MAC address for access authentication In such case...

Page 85: ...ateway IP Address Specify the gateway IP address for DHCP server ISP Access Setup Username Type in the username provided by ISP in this field The maximum length of the user name you can set is 63 char...

Page 86: ...tomatically Click this button to obtain the IP address automatically Specify an IP address Click this radio button to specify some data IP Address Type the IP address Subnet Mask Type the subnet mask...

Page 87: ...haracters Modem Dial String Such value is used to dial through USB mode Please use the default value If you have any question please contact to your ISP The maximum length of the string you can set is...

Page 88: ...7 D De et ta ai il ls s P Pa ag ge e f fo or r 3 3G G 4 4G G U US SB B M Mo od de em m D DH HC CP P m mo od de e i in n U US SB B W WA AN N To use 3G 4G USB Modem DHCP mode as the accessing protocol o...

Page 89: ...u choose Ping Detect as detection mode you also can enable this setting to use current WAN gateway IP address for pinging With the IP address es pinging Vigor router can check if the WAN connection is...

Page 90: ...xecute for WAN detection Always On means no detection will be executed The network connection will be on always Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address...

Page 91: ...ent daemon RADVD the PC behind this router can directly connect to IPv6 the Internet Available settings are explained as follows Item Description Username Type the name obtained from the broker It is...

Page 92: ...u to apply another username and password The maximum length of the name you can set is 19 characters Password Type the password assigned with the user name The maximum length of the password you can s...

Page 93: ...ect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging...

Page 94: ...the system will check if network connection is established or not like IPv4 ARP Detect Always On means no detection will be executed The network connection will be on always Ping IP Hostname If you ch...

Page 95: ...WAN interface Available settings are explained as follows Item Description Static IPv6 Address Configuration IPv6 Address Type the IPv6 Static IP Address Prefix Length Type the fixed value for prefix...

Page 96: ...Firewall check boxes are enabled the settings configured user profiles under User Management will be ignored And all of the filter rules defined and enabled in Firewall menu will be activated Bridge S...

Page 97: ...ection is alive or not through Ping Detect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Always On means no detection will be executed The network connection will be...

Page 98: ...a given 6rd domain It may be any value between 0 and 32 6rd Prefix Type the 6rd IPv6 address 6rd Prefix Length Type the IPv6 prefix length for the 6rd IPv6 prefix in number of bits WAN Connection Dete...

Page 99: ...Vigor2832 Series User s Guide 87...

Page 100: ...the Internet Access web user interface and can not be configured here Channels 5 10 are configurable Enable Display whether the settings in this channel are enabled Yes or not No WAN Type Displays the...

Page 101: ...n the value provided by your ISP Protocol Select a proper protocol for this channel Encapsulation Choose a proper type for this channel The types will be different according to the protocol setting th...

Page 102: ...ick it to disable the configuration of this channel WAN Type The connections and interfaces created in every channel may select a specific WAN type to be built upon In the Multi PVC application only t...

Page 103: ...be effective for Web configuration telnet TR069 IPTV The IPTV configuration will allow the WAN interface to send IGMP packets to IPTV servers WAN Connection Detection Such function is available only w...

Page 104: ...If MPoA is selected you have to configure the settings listed under MPoA Obtain an IP address automatically Click this button to obtain the IP address automatically Router Name Type in the router nam...

Page 105: ...ll Rate The default setting is 0 SCR It represents Sustainable Cell Rate The value of SCR must be smaller than PCR MBS It represents Maximum Burst Size The range of the value is 10 to 50 PVC to PVC Bi...

Page 106: ...ttings are explained as follows Item Description Enable Check the box to enable such function Quota Limit Type the data traffic quota allowed for such WAN interface There are two unit MB and GB offere...

Page 107: ...specify which day of today is in a cycle Cycle duration Specify the days to reset the traffic record For example 7 means the whole cycle is 7 days 20 means the whole cycle is 20 days When the time is...

Page 108: ...Vigor2832 Series User s Guide 96 Administrator is selected Or the system will send out SMS message to the administrator if Send SMS messages to Administrator is selected...

Page 109: ...for each other via existing IPv4 network environment The IPv6 packets will be encapsulated with the header of IPv4 first Later the packets will be transformed and judged by IPv4 router Once the packet...

Page 110: ...upporting IPv6 service 2 In the following figure use the drop down list to choose a proper connection type Different connection types will bring out different configuration page Refer to the following...

Page 111: ...e 99 Access into the setting page for IPv6 service it is not necessary for you to configure anything Click OK and open Online Status If the connection is successful you will get the IP address for IPv...

Page 112: ...Vigor2832 Series User s Guide 100...

Page 113: ...formation for TSPC service Info While using such mode you have to make sure the IPv4 network connection is normal In the following figure the TSPC information is obtained from http gogo6 com after app...

Page 114: ...nfo While using such mode you have to make sure the IPv4 network connection is normal In the following figure the AICCU information is obtained from https www sixxs net main after applied for the serv...

Page 115: ...Guide 103 DHCPv6 Client Choose DHCPv6 Client Click one of the identity associations and type the IAID number Click OK and open Online Status If the connection is successful the physical connection wi...

Page 116: ...s User s Guide 104 Static IPv6 Choose Static IPv6 Type IPv6 address Prefix Length and Gateway Address Click OK and open Online Status If the connection is successful the physical connection will be sh...

Page 117: ...Static Tunnel Choose 6in4 Static Tunnel Type remote endpoint IPv4 address 6in4 IPv6 Address LAN Routed Prefix and Tunnel TTL Click OK and open Online Status If the connection is successful the physic...

Page 118: ...User s Guide 106 6rd Choose 6rd Type IPv4 Border Relay IPv4 Mask Length 6rd Prefix and 6rd Prefix Length Click OK and open Online Status If the connection is successful the physical connection will be...

Page 119: ...outer s client get the IPv6 address 1 Access into the web user interface of Vigor2832 Open LAN General Setup Click the IPv6 button 2 In the field of DHCPv6 Server Configuration when DHCPv6 service is...

Page 120: ...command of ipconfig Refer to the following figure From the above figure we can see IPv6 IP address has been captured by the system 2 Use the Ping command to ping any IPv6 address indicating an IPv6 w...

Page 121: ...pe an URL of IPv6 e g www kame net If your computer accesses into the website by using IPv6 address you may see a turtle dancing on the screen If not only a steady turtle will be seen If you can see a...

Page 122: ...the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address t...

Page 123: ...St ta at ti ic c R Ro ou ut te e When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other method You may simp...

Page 124: ...e settings are explained as follows Item Description General Setup Allow to configure settings for each subnet respectively Index Display all of the LAN items Status Basically LAN1 status is enabled i...

Page 125: ...can redirect clients to a secondary server specified in such field Option Number Type a number for such function DataType Choose the type ASCII or Hex or address list for the data to be stored Data Ty...

Page 126: ...routers Default Enable activate the RIP protocol DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it...

Page 127: ...ny IPs from this server anymore Therefore this feature is used to get the IP back from inactive clients i e doesn t use the IP but the server still reserves the IP for him DNS Server IP Address DNS st...

Page 128: ...the following explanations for detailed information Below shows the settings page for IPv6 It provides 2 daemons for LAN side IPv6 address configuration One is SLAAC stateless and the other is DHCPv6...

Page 129: ...assigned IP address from Vigor router via the following method SLAAC stateless The IP address with Prefix of the host shall be formed according to RA transmitted by Vigor router DHCPv6 stateful The I...

Page 130: ...use Min Max Interval Time sec It defines the interval between minimum time and maximum time for sending RA Router Advertisement packets Default Lifetime sec Within such period of time Vigor2832 can b...

Page 131: ...tically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your...

Page 132: ...ay 5 minutes the server still reserves 1 day for that client Because a DHCP server only has a limited number of IPs to lease to its DHCP clients soon enough all the IPs will be used out and then no on...

Page 133: ...92 168 1 2 or greater but smaller than 192 168 1 254 IP Pool Counts Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to The default is 50 and the maximum is 253 Lea...

Page 134: ...can assign each of VLANs to each of the different IP subnets that the router may also be operating to provide even more isolation The said functionality is tag based multi subnet P Po or rt t B Ba as...

Page 135: ...tagged device in P1 to access router It can help users to communicate with the router still even though configuring wrong VLAN tag setting It is recommended to enable the management port LAN 1 to ensu...

Page 136: ...or departmental or multi occupancy applications Info As for the VLAN applications refer to Appendix I VLAN Application on Vigor Router for more detailed information I II I 2 2 3 3 B Bi in nd d I IP P...

Page 137: ...IP and MAC will be displayed in this field Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by clicking Add below Select All Click this link to select all...

Page 138: ...nd List Simply click and select the one and click Delete The selected item will be removed from the IP Bind List Backup Store the configuration for Bind IP to MAC as a file Restore Restore the previou...

Page 139: ...ion Port Mirror Check Enable to activate this function Or check Disable to close this function Mirror Port Select a port to view traffic sent from mirrored ports Mirrored Tx Port Select which ports ar...

Page 140: ...802 1x function Authentication Type Use the drop down list to choose which server External RADIUS or Local 802 1x will be used for authenticating LAN user 802 1x ports After enabling the function sim...

Page 141: ...d web page through this router That is a company which wants to have an advertisement for its products to users can specify the URL in this page to reach its goal Each item is explained as follows Ite...

Page 142: ...setup URL Redirect Any user who wants to access into Internet through this router will be redirected to the URL specified here first It is a useful method for the purpose of advertisement For example...

Page 143: ...TP or HTTPS that corresponding web pages based on that protocol will be redirected Priority If User Management refer to VII 3 User Management mode and such web portal profile are configured and enable...

Page 144: ...ic IP address and the router will do the inversion based on its table Therefore the internal host can communicate with external host smoothly The benefit of the NAT includes Save cost on applying publ...

Page 145: ...ss domain name are recognized by all users Since the server is actually located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of...

Page 146: ...layer protocol TCP or UDP Public Port Display the port number which will be redirected to the specified Private IP and Port of the internal host Private IP Display the IP address of the internal host...

Page 147: ...nd the second box as the ending port Private IP Specify the private IP address of the internal host providing the service If you choose Range as the port redirection mode you will see two boxes on thi...

Page 148: ...b surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet w...

Page 149: ...of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the screen Cl...

Page 150: ...then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ...

Page 151: ...icular entry that you want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network serv...

Page 152: ...en WAN IP Alias is configured Private IP Enter the private IP address of the local host or click Choose PC to select one Choose IP Click this button and subsequently a window having a list of private...

Page 153: ...tton is clicked and the configuration has taken effect open port keeps the ports opened forever Once the OK button is clicked and the configuration has taken effect port triggering will only attempt t...

Page 154: ...he incoming data of such triggering profile Status Display if the rule is active or de active Click the index number link to open the configuration page Available settings are explained as follows Ite...

Page 155: ...e the selected protocol Select the protocol TCP UDP or TCP UDP for the incoming data of such triggering profile Incoming Port Type the port or port range for the incoming packets After finishing all t...

Page 156: ...ecified private IP address S Sc ch he ed du ul le e The Vigor router has a built in clock which can update itself manually or automatically by means of Network Time Protocols NTP As a result you can n...

Page 157: ...uter is NAT Traversal This enables applications inside the firewall to automatically open the ports that they need to pass through a router W Wa ak ke e o on n L LA AN N A PC client on LAN can be woke...

Page 158: ...function Set to Factory Default Clear all profiles and recover to factory settings View Log Display DDNS log status Force Update Force the router updates its information to DDNS server Auto Update int...

Page 159: ...service type Dynamic Custom or Static If you choose Custom you can modify the domain that is chosen in the Domain Name field Domain Name Type in one domain name that you applied previously Use the dro...

Page 160: ...Click OK button to activate the settings You will see your setting has been saved D Di is sa ab bl le e t th he e F Fu un nc ct ti io on n a an nd d C Cl le ea ar r a al ll l D Dy yn na am mi ic c D D...

Page 161: ...side LAN you can specify specific private IP address es to correspondent servers Thus even the remote PC is adopting public DNS as the DNS server the LAN DNS resolution on Vigor2832 Series will respon...

Page 162: ...ws Item Description Enable Check this box to enable such profile Profile Type a name for such profile Note If you type a name here for LAN DNS and click OK to save the configuration the name also will...

Page 163: ...re LAN DNS settings click index 1 to edit the LAN DNS profile just created Or you can click index 2 to use this profile as conditional DNS forwarding Available settings are explained as follows Item D...

Page 164: ...are explained as follows Item Description Enable Check the box to enable the DNS security management Interface There are four WAN interfaces allowed to be set with DNS security enabled Primary DNS Dis...

Page 165: ...ngs are explained as follows Item Description Domain Type the domain name or IP address IPv4 IPv6 that you want to query Interface Specify the interface required for executing diagnose DNS Server Type...

Page 166: ...lock to current time of your PC The clock will reset once if you power down or reset the router There is another way to set up time You can inquiry an NTP server a time server on the Internet to synch...

Page 167: ...on demand and the value of idle timeout should be specified in Idle Timeout field Disable Dial On Demand Specify the connection to be up when it has traffic on the line Once there is no traffic over...

Page 168: ...widely used by Internet service providers It is the most common method of authenticating and authorizing dial up and tunneled network users I II I 4 4 5 5 1 1 E Ex xt te er rn na al l R RA AD DI IU US...

Page 169: ...e er rn na al l R RA AD DI IU US S Except for being a built in RADIUS client Vigor router also can be operated as a RADIUS server which performs security authentication by itself This page is used to...

Page 170: ...ocess of security authentication user account and user password will be required for identity authentication Before configuring such page create at least one user profile in User Management User Profi...

Page 171: ...er Destination Port The UDP port number that the TACACS server is using Shared Secret The TACACS server and client share a secret that is used to authenticate the messages sent between them Both sides...

Page 172: ...blished by the work team of Internet Engineering Task Force IETF As the name described LDAP is designed as an effect way to access directory service without the complexity of other directory service p...

Page 173: ...y For the regular mode you ll need to type in the Regular DN and Regular Password Server Address Enter the IP address of LDAP server Destination Port Type a port number as the destination port for LDA...

Page 174: ...most LDAP server is cn Base Distinguished Name Group Distinguished Name Type or edit the distinguished name used to look up entries on the LDAP server Sometimes you may forget the Distinguished Name...

Page 175: ...Control Service or Connection Status Service Default WAN It is used to specify the WAN interface for applying such function The reminder as regards concern about Firewall and UPnP Can t work with Fire...

Page 176: ...In addition such function is available in NAT mode IGMP Snooping Check this box to enable this function Multicast traffic will be forwarded to ports that have members of that group Disabling IGMP sno...

Page 177: ...able settings are explained as follows Item Description Wake by Two types provide for you to wake up the binded IP If you choose Wake by MAC Address you have to type the correct MAC address of the hos...

Page 178: ...Item Description Index Check the box to enable such profile SMS Provider Use the drop down list to choose SMS service provider You can click SMS Provider link to define the SMS server Recipient Type t...

Page 179: ...ew one with specified service provider Recipient Type the e mail address of the one who will receive the notification message Notify Profile Use the drop down list to choose a message profile The reci...

Page 180: ...n e g IP setting If the host and user s computer have the plug in bonjour driver install they can utilize the service offered by the router by clicking the router name icon In short what the Clients u...

Page 181: ...tem Maintenance Management Type a name as the Router Name and click OK 4 Next open Applications Bonjour Check the service that you want to use via Bonjour 5 Open the DNSSD page again The available ite...

Page 182: ...Vigor2832 Series User s Guide 170 6 Now any page or document can be printed out through Vigor router installed with a printer...

Page 183: ...into the web user interface of the Vigor router 2 Open Applications Active Directory LDAP to get the following page for configuring LDAP related settings There are three types of bind type supported...

Page 184: ...Vigor2832 Series User s Guide 172 and 4 Click OK to save the settings above 5 Open User Management General Setup Select User Based as the Mode option...

Page 185: ...VPN and Remote Access PPP General Setup to check the profile s that will be authenticated with LDAP server After above configurations users belong to either rd1 or shrd group can access Internet afte...

Page 186: ...nterface Specify Interface Through dedicated interface WAN LAN VPN the data can be sent from the source IP to the destination IP Address Mapping Allows you specify the outgoing WAN IP address es for a...

Page 187: ...II I 5 5 1 1 1 1 S St ta at ti ic c R Ro ou ut te e f fo or r I IP Pv v4 4 Available settings are explained as follows Item Description Index The number 1 to 30 under Index allows you to open next pa...

Page 188: ...rnal Router B 192 168 1 3 have set Main Router 192 168 1 1 as the default gateway for the Router A 192 168 1 2 Before setting Static Route user A cannot talk to user B for Router A can only forward re...

Page 189: ...to enable this profile Destination IP Address Type an IP address as the destination of such static route Subnet Mask Type the subnet mask for such static route Network Interface Use the drop down lis...

Page 190: ...f the static route Set to Factory Default Clear all of the settings and return to factory default settings Viewing IPv6 Routing Table Displays the routing table for your reference Click any underline...

Page 191: ...IP Start Displays the IP address for the start of the source IP Src IP End Displays the IP address for the end of the source IP Dest IP Start Displays the IP address for the start of the destination I...

Page 192: ...P can be treated as the destination IP Dest IP Start Type the destination IP start for the specified WAN interface Dest IP End Type the destination IP end for the specified WAN interface If this field...

Page 193: ...lable settings are explained as follows Item Description Force NAT Force Routing It determines which mechanism that the router will use to forward the packet to WAN 5 After choosing the mechanism clic...

Page 194: ...Enable Check this box to enable this policy Protocol Use the drop down menu to choose a proper protocol for the WAN interface Source IP Any Any IP can be treated as the source IP Src IP Start Type the...

Page 195: ...ne which rule will be adopted for transmitting the packet according to the priority of Static Route and Route Policy The greater the value is the lower the priority is Default value for route policy i...

Page 196: ...mation Specify the nature of the packets to be analyzed by Vigor router ICMP UDP TCP ANY Specify a protocol for diagnosis Src IP Type an IP address as the source IP Dst IP Type an IP address as the de...

Page 197: ...of analyzing The analyzed result will be shown on the page If required click export analysis to export the result as a file Note that the analysis was based on the current load balance route policy s...

Page 198: ...vised later Example 1 In the following figure a LAN to LAN VPN tunnel is built between DrayTek VPN router e g Vigor2832 Series and the remote router Firewall Router can receive all of the traffic comi...

Page 199: ...value is fixed as 250 And Routes in Routing Table are fixed as 150 You can adjust the value for such route policy with lower value e g 100 to ensure it will be applied to packets transmission with th...

Page 200: ...side of Router A to break through the Internet censorship circumvention A VPN tunnel has been established between Router A and router B 1 Access into the web user interface of Router A 2 Open Load Bal...

Page 201: ...mapped into either 202 211 100 10 or 203 98 200 10 which IP or mapping is decided by the internal load balancing algorithm With address mapping feature you can manually configure any host mapping to a...

Page 202: ...of WAN 1 to open the following page From the above figure set main WAN IP address as 202 211 100 10 Click the WAN IP Alias button to configure the other IP address which is 202 211 100 11 Make sure Jo...

Page 203: ...s User s Guide 191 4 After finished configuration for WAN1 open Load Balance Route Policy 5 Click Index number 1 and 2 to configure the details After finished the settings click OK to save the setting...

Page 204: ...User s Guide 192 And 6 Upon completing the above configuration you have specified the outgoing IP address es for some specific computers Now you bind some specific computers to some WAN IP alias for...

Page 205: ...e following figure shows a simple application of load balance WAN1 and WAN2 can be used to access into Internet The PC in LAN1 can send the data to the remote PC through the specified WAN1 1 Access in...

Page 206: ...t IP Start and Dest IP End with 203 65 1 35 and 203 65 1 35 choose WAN1 as the Interface click default gateway 4 After finished the above settings click OK to save the configuration Now the packets se...

Page 207: ...er s Guide 195 P Pa ar rt t I II II I W Wi ir re el le es ss s L LA AN N Wireless LAN enables high mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well...

Page 208: ...ired LAN as well as Internet access Vigor2832 wireless router is a highly integrated wireless local area network WLAN for 2 4 GHz 802 11n WLAN applications Vigor2832 n series router supports 802 11n u...

Page 209: ...ay consider using WPA for the most secure connection You should select the appropriate security mechanism according to your needs No matter which security suite you select they all will enhance the ov...

Page 210: ...Series User s Guide 198 W WP PS S WPS Wi Fi Protected Setup provides easy procedure to make network connection between wireless station and wireless access point vigor router with the encryption of WP...

Page 211: ...age will be used for internal users in a company or your home Available settings are explained as follows Item Description Name Type the SSID name of this router for wireless 2 4GHz The default name i...

Page 212: ...ing allowed to share the LAN network and VPN connection Available settings are explained as follows Item Description Enable Disable Click it to enable or disable settings in this page SSID Type the SS...

Page 213: ...setting page Cancel Exit the wireless wizard without saving any changes 4 After typing the required information click Next 5 The following page will display the configuration summary for wireless set...

Page 214: ...11g 11n mode Channel Means the channel of frequency of the wireless LAN The default channel is 6 You may switch channel if the selected channel is under serious interference If you have no idea of cho...

Page 215: ...to make the wireless clients stations with different VPN not accessing for each other Schedule Set the wireless LAN to work at certain time interval only You may choose up to 4 schedules out of the 1...

Page 216: ...ecurity mode is provided and stated on the label pasted on the bottom of the router For the wireless client who wants to access into Internet through such router please input the default PSK value for...

Page 217: ...cepts WPA and WPA2 clients simultaneously and the encryption key should be entered in PSK WPA The WPA encrypts each frame transmitted from the radio using the key which either PSK Pre Shared Key enter...

Page 218: ...o enable the MAC Address filter for wireless LAN identified with SSID 1 to 4 respectively All the clients expressed by MAC addresses listed in the box can be grouped under different wireless LAN For e...

Page 219: ...s access point vigor router with the encryption of WPA and WPA2 Info WPS is available for the wireless station with WPS supported It is the simplest way to build connection between wireless network cl...

Page 220: ...rt PBC button of network card If you want to use PIN code you have to know the PIN code specified in wireless client Then provide the PIN code of the wireless client you wish to connect to the vigor r...

Page 221: ...de of the router Only WPA2 PSK and WPA PSK support WPS Configure via Push Button Click Start PBC to invoke Push Button style WPS setup procedure The router will wait for WPS requests from wireless cli...

Page 222: ...ridge interface The application for the WDS Repeater mode is depicted as below The major difference between these two modes is that while in Repeater mode the packets received from one peer AP can be...

Page 223: ...as follows Item Description Mode Choose the mode for WDS setting Disable mode will not invoke any WDS setting Bridge mode is designed to fulfill the first type of application Repeater mode is for the...

Page 224: ...ase disable the unused link to get better performance If you want to invoke the peer MAC address remember to check Enable box in the front of the MAC address after typing Repeater If you choose Repeat...

Page 225: ...0 40 the router will use 20Mhz or 40Mhz for data transmission and receiving according to the station capability Such channel can increase the performance for data transit 40 the router will use 40Mhz...

Page 226: ...e Enable radio button APSD Capable The default setting is Disable Fragment Length 256 2346 Set the Fragment threshold of wireless radio Do not modify default value if you don t know what it is default...

Page 227: ...is determined according to the limitation of the wireless client Total Upload Limit It is available when Auto Adjustment is selected Type a value to define the maximum data traffic uploading for all...

Page 228: ...of the APs on the wireless LAN Yet only the AP which is in the same channel of this router can be found Please click Scan to discover all the connected APs Available settings are explained as follows...

Page 229: ...with its status code There is a code summary below for explanation For convenient Access Control you can select a WLAN station and click Add to Access Control below Available settings are explained a...

Page 230: ...Vigor2832 Series User s Guide 218 This page is left blank...

Page 231: ...a manner that emulates the properties of a point to point private link It is a form of VPN that can be used with a standard Web browser A digital certificate works as an electronic ID which is issued...

Page 232: ...he Internet In short by VPN technology you can send data between two computers across a shared or public network in a manner that emulates the properties of a point to point private link The VPN built...

Page 233: ...or VPN dial out connection from server to client step by step 1 Open Wizards VPN Client Wizard The following page will appear Available settings are explained as follows Item Description LAN to LAN Cl...

Page 234: ...es provided here Different type will lead to different configuration page After making the choices for the client profile please click Next You will see different configurations based on the selection...

Page 235: ...Vigor2832 Series User s Guide 223 When you choose IPsec you will see the following graphic When you choose L2TP you will see the following graphic...

Page 236: ...see the following graphic When you choose SSL you will see the following graphic Available settings are explained as follows Item Description Profile Name Type a name for such profile The length of th...

Page 237: ...ared key Digital Signature X 509 Click Digital Signature to invoke this function Peer ID Choose the peer ID selection from the drop down list Local ID Choose Alternative Subject Name First or Subject...

Page 238: ...ilable settings are explained as follows Item Description Go to the VPN Connection Management Click this radio button to access VPN and Remote Access Connection Management for viewing VPN Connection s...

Page 239: ...Site VPN Remote Dial in User You can manage remote access by maintaining a table of remote user profile so that users can be authenticated to dial in via VPN connection Please choose a LAN to LAN Pro...

Page 240: ...anged according to the VPN Server Mode Site to Site VPN and Remote Dial in User selected 2 After making the choices for the server profile please click Next You will see different configurations based...

Page 241: ...IPsec policy above The length of the name is limited to 11 characters Pre Shared Key For IPsec L2TP IPsec authentication you have to type a pre shared key The length of the name is limited to 64 chara...

Page 242: ...sted on the page and click Finish to execute the next action Available settings are explained as follows Item Description Go to the VPN Connection Management Click this radio button to access VPN and...

Page 243: ...the necessary VPN service as you need If you intend to run a VPN server inside your LAN you should disable the VPN service of Vigor Router to allow VPN tunnel pass through as well as the appropriate N...

Page 244: ...the remote dial in user If the remote dial in user does not support the MPPE encryption algorithm the router will transmit no MPPE encrypted packets Otherwise the MPPE encryption scheme will be used...

Page 245: ...uld choose an IP address from the local private network For example if the local private network is 192 168 1 0 255 255 255 0 you could choose 192 168 1 200 as the Start IP Address You can configure u...

Page 246: ...the data payload only It can just apply to local packet e g L2TP over IPsec The Tunnel mode will not only add the AH ESP payload but also use a new IP header Tunneled IP header to encapsulate the whol...

Page 247: ...curity Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES After finishing all the settings...

Page 248: ...nt Check it to enable such account profile Accept Any Peer ID Click to accept any peer regardless of its identity Accept Subject Alternative Name Click to check one specific field of digital signature...

Page 249: ...t in RADIUS client function The following figure shows the summary table Available settings are explained as follows Item Description Set to Factory Default Click to clear all indexes View All Click i...

Page 250: ...ial in user to make a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below IPsec Tunnel Allow the remote dial in user to make an IPsec VPN co...

Page 251: ...authentication with mOTP function PIN Code Type the code for authentication e g 1234 Secret Use the 32 digit secret number generated by mOTP in the mobile phone e g e759bb6f0e94c7ab4fe6 Subnet Chose o...

Page 252: ...to o L LA AN N Here you can manage LAN to LAN connections by maintaining a table of connection profiles You may set parameters including specified connection direction dial in or dial out connection p...

Page 253: ...AN profile The symbol represents that the profile is empty Active V means the profile has been enabled X means the profile has not been enabled Status Indicate the status of individual profiles The sy...

Page 254: ...sion between the hosts located on both sides of VPN Tunnel while connecting Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block da...

Page 255: ...can be viewed as one pure L2TP connection Nice to Have Apply the IPsec policy first if it is applicable during negotiation Otherwise the dial out VPN connection becomes one pure L2TP connection Must S...

Page 256: ...gorithm AES without Authentication Use AES encryption algorithm and not apply any authentication scheme AES with Authentication Use AES encryption algorithm and apply MD5 or SHA 1 authentication algor...

Page 257: ...value is inactive this function Local ID In Aggressive mode Local ID is on behalf of the IP address while identity authenticating with remote VPN server The length of the ID is limited to 47 characte...

Page 258: ...pply the authentication methods and security methods in the general settings User Name This field is applicable when you select PPTP or L2TP with or without IPsec policy above The length of the name i...

Page 259: ...de wants to use it the peer must enable it too My GRE IP Type the virtual IP for router itself for verified by peer Peer GRE IP Type the virtual IP of peer host for verified by router TCP IP Network S...

Page 260: ...connection established the router will change the IP address according to the settings configured here and block sessions which are not coming from the IP address defined in the Virtual IP Mapping li...

Page 261: ...o types for you to choose Whole Subnet Specific IP Address Virtual IP Mapping A pop up dialog will appear for you to specify the local IP address and the mapping virtual IP address 2 After finishing a...

Page 262: ...e activated when initial connection of single VPN tunnel is off line Before setting VPN TRUNK VPN Backup mechanism backup profile please configure at least two sets of LAN to LAN profiles with fully c...

Page 263: ...PN Backup mechanism profile Member1 Display the dial out profile selected from the Member1 drop down list below Active Yes means normal condition No means the state might be disabled or that profile c...

Page 264: ...le Member1 Display the dial out profile selected from the Member1 drop down list below Active Yes means normal condition No means the state might be disabled or that profile currently is set with Dial...

Page 265: ...Status Enable or Disable profile name member1 or member2 Delete Click this button to delete the selected VPN TRUNK profile The corresponding members LAN to LAN profiles grouped in the deleted VPN TRU...

Page 266: ...one of the LAN to LAN profiles from Member1 drop down list choose one of the LAN to LAN profiles from Member2 drop down list and click Add at last 4 Take a look for LAN to LAN profiles Index 1 is chos...

Page 267: ...er 192 168 50 200 in the field of Peer GRE IP A Ad dv va an nc ce ed d L Lo oa ad d B Ba al la an nc ce e a an nd d B Ba ac ck ku up p After setting profiles for load balance you can choose any one of...

Page 268: ...alance of packet transmission with flexible rate It can be divided into Auto Weighted and According to Speed Ratio Auto Weighted can detect the device speed 10Mbps 100Mbps and switch with fixed value...

Page 269: ...TCP Service Port also fits the number here such binding tunnel table can be established UDP means when the source IP destination IP destination port and fragment conditions match with the settings spe...

Page 270: ...ICMP or Other as Binding Protocol A Ad dv va an nc ce ed d B Ba ac ck ku up p Available settings are explained as follows Item Description Profile Name List the backup profile name ERD Mode ERD means...

Page 271: ...on You may also aggressively Dial out by using Dial out Tool and clicking Dial button Available settings are explained as follows Item Description Dial out Tool General Mode This filed displays the pr...

Page 272: ...Vigor2832 Series User s Guide 260 Refresh Seconds Choose the time for refresh the dial information among 5 10 and 30 Refresh Click this button to refresh the whole connection status...

Page 273: ...i io on n o on n V Vi ig go or r R Ro ou ut te er r f fo or r H He ea ad d O Of ff fi ic ce e 1 Log into the web user interface of Vigor router 2 Open VPN and Remote Access LAN to LAN to create a LAN...

Page 274: ...Server IP e g 218 242 130 19 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security method 5 Continue to navigate to the TCP IP Network Settin...

Page 275: ...ess LAN to LAN to create a LAN to LAN profile The following settings are for a permanent VPN connection 3 Click any index number to open the configuration page Type a name which is easy for identifica...

Page 276: ...ervice and type the remote server IP host name e g 218 242 133 91 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security method 5 Continue to...

Page 277: ...Vigor2832 Series User s Guide 265 7 Open VPN and Remote Access Connection Management to check the dial in connection status from head office...

Page 278: ...network is a form of VPN that can be used with a standard Web browser There are two benefits that SSL VPN provides It is not necessary for users to preinstall VPN client software for executing SSL VPN...

Page 279: ...l not affect the HTTPS Port configuration set in System Maintenance Management In general the default setting is 443 Server Certificate When the client does not set any certificate default certificate...

Page 280: ...e Display current status active or inactive of such profile Click number link under Index filed to set detailed configuration Available settings are explained as follows Item Description Name Type nam...

Page 281: ...vate port mapping to random WAN port There are two restrictions for proxy web server for such selection 1 it is only used for WAN to LAN access the web server must be configured behind vigor router 2...

Page 282: ...ription Name Display the application name of the profile that you create Host Address Display the IP address for VNC RDP or SMB path Service Display the type of the service selected e g VNC RDP SMB Ac...

Page 283: ...C through RDP protocol IP Address If you choose VNC or RDP you have to type the IP address for this protocol Port If you choose VNC or RDP you have to specify the port used for this protocol The defau...

Page 284: ...guest network or web cafe The SSL technology is the same as the encryption that you use for secure web sites such as your online bank The SSL VPN can be operated in either full tunnel mode or proxy mo...

Page 285: ...he length of the name password is limited to 19 characters Enable Mobile One Time Passwords mOTP Check this box to make the authentication with mOTP function PIN Code Type the code for authentication...

Page 286: ...l Multicast via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through the router Block This is default setting Click this butto...

Page 287: ...yption algorithm from Data Encryption Standard DES Triple DES 3DES and AES Local ID Specify a local ID to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can be u...

Page 288: ...profiles will be used by applications such as User Management VPN and etc Each item is explained as follows Item Description Set to Factory Default Click to clear all indexes Index Display the number...

Page 289: ...s Remote Dial In User The enabled profiles will be listed in the Available User Account on the left box To add a profile into a group simply choose the one from the left box and click the button It wi...

Page 290: ...ess into DrayTek SSL VPN portal interface Next users can open SSL VPN Online Status to view logging status of SSL VPN Available settings are explained as follows Item Description Active User Display c...

Page 291: ...gor router support digital certificates conforming to standard X 509 Any entity wants to utilize digital certificates should first request a certificate issued by a CA server It should also retrieve c...

Page 292: ...import a saved file as the certification information Refresh Click this button to refresh the information listed below View Click this button to view the detailed settings for certificate request Del...

Page 293: ...T Vigor router allows you to generate a certificate request and submit it the CA server then import it as Local Certificate If you have already gotten a certificate from a third party you may import i...

Page 294: ...as OK Upload PKCS12 Certificate It allows users to import the certificate whose extensions are usually pfx or p12 And these certificates usually need passwords Note PKCS12 is a standard for storing p...

Page 295: ...tings for certificate request Info You have to copy the certificate request information from above window Next access your CA server and enter the page of certificate request copy the information into...

Page 296: ...certificate authority Root CA will be used to authenticate the digital certificates offered by both ends However the procedure of applying digital certificate from a trusted root certificate authority...

Page 297: ...ck GENERATE again I Im mp po or rt ti in ng g a a T Tr ru us st te ed d C CA A To import a pre saved trusted CA certificate please click IMPORT to open the following window Use Browse to find out the...

Page 298: ...ificate for this router can be saved within one file Please click Backup on the following screen to save them If you want to set encryption password for these certificates please type characters in bo...

Page 299: ...y has been always the most concerned The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders It also restricts users in the local network from a...

Page 300: ...s unsolicited incoming data Selectable Denial of Service DoS Distributed DoS DDoS attacks protection I IP P F Fi il lt te er rs s Depending on whether there is an existing Internet connection or in ot...

Page 301: ...xhaust all your system s resource while the vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the protocol or operation system The DoS Defense function enables...

Page 302: ...here you assign the Start Filter Set only Also you can configure the Log Flag settings Apply IP filter to VPN incoming packets and Accept incoming fragmented UDP packets Click Firewall and click Gene...

Page 303: ...ity checking for data transmission Such feature is enabled in default All the packets while transmitting through Vigor router will be filtered by firewall If the firewall system e g content filter ser...

Page 304: ...d section later User Management Such item is available only when Rule Based is selected in User Management General Setup The general firewall rule will be applied to the user user group all users spec...

Page 305: ...u can specify to record information for Web Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information DNS Filter S...

Page 306: ...e more the value is the better the performance will be However if the network is not stable small value will be proper Session timeout Setting timeout for sessions can make the best utilization of net...

Page 307: ...each rule Check Active to enable the filter rule Available settings are explained as follows Item Description Rule Click a button numbered 1 7 to edit the filter rule Click the button will open Edit F...

Page 308: ...ly used settings of filter rule via three setting pages Advance Mode Allow to configure detailed settings of filter rule in one page To use Wizard Mode simple do the following steps 1 Click the Wizard...

Page 309: ...ess as the Address Type and type them in this dialog In addition if you want to use the IP range from defined groups or objects please choose Group and Objects as the Address Type From the IP Group dr...

Page 310: ...o use Advance Mode do the following steps 1 Click the Advance Mode radio button 2 Click one of the indexe number linke e g Index 2 to access into the following page Available settings are explained as...

Page 311: ...setting is not available since Call Filter is only applied to outgoing traffic Note RT means routing domain for 2nd subnet or other LAN Source Destination IP Click Edit to access into the following di...

Page 312: ...number less than this value is available for this profile Service Group Object Use the drop down list to choose the one that you want Fragments Specify the action for fragmented packets And it is used...

Page 313: ...w Group item will appear for you to click to create a new one APP Enforcement Select an APP Enforcement profile for global IM P2P application blocking If there is no profile for you to select please c...

Page 314: ...the DNS Filter link from the drop down list in this page to create a new profile Advance Setting Click Edit to open the following window However it is strongly recommended to use the default settings...

Page 315: ...rough Vigor router will be filtered by firewall settings configured by Vigor router When the resource is inadequate the packets will be blocked if Strict Security Checking is enabled If Strict Securit...

Page 316: ...igor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Timeout The goal for this is prevent the TCP SYN packets attempt to exhaust the limited resource of Vi...

Page 317: ...vulnerability of the security for the LAN because it will carry significant information such as security TCC closed user group parameters a series of Internet addresses routing messages etc An eavesd...

Page 318: ...P Fragment Check the box to activate the Block ICMP fragment function Any ICMP packets with more fragment bit set are dropped Block Unassigned Numbers Check the box to activate the Block Unknown Proto...

Page 319: ...Vigor2832 Series User s Guide 307...

Page 320: ...1 10 192 168 1 20 accessing to Internet through Vigor router Others e g 192 168 1 31 and 192 168 1 32 outside the range can get the source from LAN only The way we can use is to set two rules under F...

Page 321: ...ll check the packets starting with Set 2 Filter Rule 2 to Filter Rule 7 If Block If No Further Match for is selected for Filter the firewall of the router would check the packets with the rules starti...

Page 322: ...lick the Edit button for Source IP 6 A dialog box will be popped up Choose Range Address as Address Type by using the drop down list Type 192 168 1 10 in the field of Start IP and type 192 168 1 20 in...

Page 323: ...r not The action for Filter shall be set with Pass Immediately Then click OK to save the settings 8 Both filter rules have been created Click OK Now all the settings are configured well Only the compu...

Page 324: ...cks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can preve...

Page 325: ...will be applied in Default Rule of Firewall General Setup for filtering Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Profile Display the numbe...

Page 326: ...s 15 characters Select All Click it to choose all of the items in this page Clear All Uncheck all the selected boxes Enable Check the box to select the APP to be blocked by Vigor router Adv A button u...

Page 327: ...atically Available settings are explained as follows Item Description Upgrade Setting APPE Module Version Display current version status of APPE signature New version from the Internet Download button...

Page 328: ...n also provide a job related only environment hence to increase the employee work efficiency How can URL Content Filter work better than traditional firewall in the field of filtering Because it check...

Page 329: ...the message manually for your necessity Default Message You can type the message manually for your necessity or click this button to get the default message which will be displayed on the field of Ad...

Page 330: ...ch function can determine the priority for the actions executed For this one the router will process the packages with the conditions set below for web feature first then URL second Log None There is...

Page 331: ...site whose URL string matched to any user defined keyword It should be noticed that the more simplified the blocking keyword list is the more efficiently the Vigor router performs Web Feature Enable R...

Page 332: ...hanism developed and offered by certain service provider e g DrayTek No matter activating WCF feature or getting a new license for web content filter you have to click Activate to satisfy your request...

Page 333: ...the message manually for your necessity or click this button to get the default message which will be displayed on the field of Administration Message Cache None the router will check the URL that the...

Page 334: ...be changed simultaneously All of the configuration made for web content filter will be deleted automatically Therefore please backup your data before you change the web content filter license Availabl...

Page 335: ...isted on Group Object Selections If the web pages do not match with the specified feature set here they will be processed with the categories listed on the box below Action Pass allow accessing into t...

Page 336: ...Profile will be applied to DNS query coming from clients on LAN Info For DNS filter must use the WCF service profile to filter the packets therefore WCF license must be activated first Otherwise DNS...

Page 337: ...l the actions Pass and Block will be recorded in Syslog WCF Set the filtering conditions UCF Set the filtering conditions Enable Block Page If such function is enabled when DNS packets are blocked by...

Page 338: ...everal useful services such as Anti Spam Web Content Filter Anti Intrusion and etc to filtering the web pages for the sake of protecting your system To access into MyVigor for getting more information...

Page 339: ...es User s Guide 327 2 Click the Activate link A login page for MyVigor web site will pop up automatically 3 Click the link of Create an account now 4 Check to confirm that you accept the Agreement and...

Page 340: ...Vigor2832 Series User s Guide 328 5 Type your personal information in this page and then click Continue 6 Choose proper selection for your computer and click Continue...

Page 341: ...ART 8 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com 9 Click the Activate my Account link to enable the account that you created The fol...

Page 342: ...d 11 Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want C Cr re ea at te e a an n A Ac cc co ou un nt t v vi ia a M My yV...

Page 343: ...onfirm that you accept the Agreement and click Accept 3 Type your personal information in this page and then click Continue 4 Choose proper selection for your computer and click Continue 5 Now you hav...

Page 344: ...ation email with the title of New Account Confirmation Letter from myvigor draytek com 7 Click the Activate my Account link to enable the account that you created The following screen will be shown to...

Page 345: ...password that you just created in the fields of UserName and Password Then type the code in the box of Auth Code according to the value displayed on the right side of it Now click Login Your account h...

Page 346: ...lt te er r There are two ways to block the facebook service Web Content Filter and URL Content Filter Web Content Filter Benefits Easily and quickly implement the category website that you want to blo...

Page 347: ...Next time when someone accesses facebook via this router the web page would be blocked and the following message would be displayed instead II Via URL Content Filter A Block the web page containing t...

Page 348: ...Guide 336 3 Open CSM URL Content Filter Profile Click an index number to open the setting page 4 Configure the settings as the following figure 5 When you finished the above steps click OK Then open...

Page 349: ...the field of URL Content Filter Now users cannot open any web page with the word facebook inside B Disallow users to play games on Facebook 1 Open Object Settings Keyword Object Click an index number...

Page 350: ...page 4 Configure the settings as the following figure 5 When you finished the above steps please open Firewall General Setup 6 Click the Default Rule tab Choose the profile just configured from the d...

Page 351: ...ng Configuration Backup Syslog Mail Alert Time and Date Management Reboot System Firmware Upgrade and Activation It is used to control the bandwith of data transmission through configuration of Sessio...

Page 352: ...e several items that you have to know the way of configuration System Status TR 069 Administrator Password User Password Login Page Greeting Configuration Backup Syslog Mail Alert Time and Date Manage...

Page 353: ...tion Available settings are explained as follows Item Description Model Name Display the model name of the router Firmware Version Display the firmware version of the router Build Date Time Display th...

Page 354: ...s Display the IP address of the WAN interface Default Gateway Display the assigned IP address of the default gateway IPv6 Address Display the IPv6 address for LAN Scope Display the scope of IPv6 addre...

Page 355: ...rver On Choose the interface for the router connecting to ACS server ACS Server URL Username Password Such data must be typed according to the ACS Auto Configuration Server you want to link Please ref...

Page 356: ...Type the port number of the STUN server Minimum Keep Alive Period If STUN is enabled the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway Please ty...

Page 357: ...n this field The length of the password is limited to 23 characters Confirm Password Type in the new password again Administrator Local User The administrator can login web user interface of Vigor rou...

Page 358: ...ed It can ensure that any user is able to successfully accesses into web user interface of Vigor router through Internet by username password of admin admin Administrator LDAP Setting Enable LDAP AD l...

Page 359: ...erface accessed by using the administrator password Password Type in new password in this field The length of the password is limited to 31 characters Confirm Password Type in the new password again S...

Page 360: ...ng screen will appear Simply click OK 4 Log out Vigor router web user interface by clicking the Logout button 5 The following window will be open to ask for username and password Type the new user pas...

Page 361: ...ith User Mode will be shown as follows Settings to be configured in User Mode will be less than settings in Admin Mode Only basic configuration settings will be available in User Mode Info Setting in...

Page 362: ...Item Description Enable Check this box to enable the login customization function Login Page Title Type a brief description e g Welcome to DrayTek which will be shown on the heading of the login dial...

Page 363: ...Vigor2832 Series User s Guide 351...

Page 364: ...stem Maintenance Configuration Backup The following page will be popped up as shown below Available settings are explained as follows Item Description Restore Choose File Click it to specify a file to...

Page 365: ...nfo Backup for Certification must be done independently The Configuration Backup does not include information of Certificate R Re es st to or re e C Co on nf fi ig gu ur ra at ti io on n 1 Go to Syste...

Page 366: ...ement If there is no name here simply lick the link to access into System Maintenance Management to set the router name Server IP Address The IP address of the Syslog server Destination Port Assign a...

Page 367: ...eck this box to activate this function while using e mail application User Name Type the user name for authentication Password Type the password for authentication Enable E mail Alert Check the box to...

Page 368: ...6 3 From the Syslog screen select the router you want to monitor Be reminded that in Network Information select the network adapter used to connect to the router Otherwise you won t succeed in retriev...

Page 369: ...e Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Server Type the web site of the time server Priority Choose Auto or IPv6 First as the p...

Page 370: ...Set the name for getting community by typing a proper character The default setting is public The maximum length of the text is limited to 23 characters Set Community Set community by typing a proper...

Page 371: ...is function USM User USM means user based security mode Type a username which will be used for authentication The maximum length of the text is limited to 23 characters Auth Algorithm Choose one of th...

Page 372: ...SL Encryption Setup and Device Management The management pages for IPv4 and IPv6 protocols are different V VI I 1 1 1 10 0 1 1 I IP Pv v4 4 M Ma an na ag ge em me en nt t S Se et tu up p Available set...

Page 373: ...ally Management Port Setup User Define Ports Check to specify user defined port numbers for the Telnet HTTP HTTPS FTP TR 069 and SSH servers Default Ports Check to use standard port numbers for the Te...

Page 374: ...w you managing the router from Internet Check the box es to specify Enable PING from the Internet Check the checkbox to enable all PING packets from the Internet For security issue this function is di...

Page 375: ...from LAN interface There are several servers provided by the system which allow you to manage the router from LAN interface Check the box es to specify Apply To Subnet Check the LAN interface for the...

Page 376: ...dule web page and you can use the number that you have set in that web page If you want to reboot the router using the current configuration check Using current configuration and click Reboot Now To r...

Page 377: ...e is www DrayTek com or local DrayTek s web site and FTP site is ftp DrayTek com Click System Maintenance Firmware Upgrade to launch the Firmware Upgrade Utility Choose the right firmware by clicking...

Page 378: ...lick System Maintenance Activation to open the following page for accessing http myvigor draytek com Available settings are explained as follows Item Description Activate via Interface Choose WAN inte...

Page 379: ...tem Description User Name Display the name of the existed user profile To modify the detailed settings simply click the user name link to access into the web page for modification Radius Check the box...

Page 380: ...item all of the user profiles listed in this page will be enabled with Local 802 1X service enabled vice versa Info For the detailed setting such as IP address port number configuration of internal RA...

Page 381: ...configuration of CPE device VigorACS the administrator server could use the KeepProfile Setting in the Provision page to always keep the parameter as original This document will demonstrate how to ke...

Page 382: ...min123 in Value field Click Save button to save the setting 2 ACS server will pops up Save Success window 3 Check ACS log Go to Log page select Device Action SetParameterLog and we could see there s o...

Page 383: ...es and keep the original setting 3 Wait a period of time for CPE inform Then from the ACS log we will find ACS has detected the parameter difference but assigned the original value again 4 Go back to...

Page 384: ...traffic can be throttled back to a lower speed If there s no defined priority to specify which packets should be discarded or in another term dropped from an overflowing queue packets of sensitive app...

Page 385: ...the backbone will do the same checking before executing treatments in order to ensure service level consistency throughout the whole QoS enabled network However each node may take different attitude...

Page 386: ...im mi it t In the Bandwidth Management menu click Sessions Limit to open the web page To activate the function of limit session simply click Enable and set the default session limit Available setting...

Page 387: ...cific limitation you set for each index Add Adds the specific session limitation onto the list above Edit Allows you to edit the settings for the selected limitation Delete Remove the selected setting...

Page 388: ...Description Bandwidth Limit Enable Click this button to activate the function of limit bandwidth IP Routed Subnet Check this box to apply the bandwidth limit to the second subnet specified in LAN Gen...

Page 389: ...for the specific limitation you set for each index Add Add the specific speed limitation onto the list above Edit Allow you to edit the settings for the selected limitation Delete Remove the selected...

Page 390: ...isplay which direction that such function will influence Class 1 Class2 Class 3 Others Display the bandwidth percentage for each class UDP Bandwidth Control Display the UDP bandwidth control is enable...

Page 391: ...general setup of WAN interface As to class rule simply click the Edit link to access into next for configuration You can configure general setup for the WAN interface edit the Class Rule and edit the...

Page 392: ...affic Check this box and click OK then click Setup link again You will see the Online Statistics link appearing on this page WAN Inbound Bandwidth It allows you to set the connecting rate of data inpu...

Page 393: ...und inbound must be smaller than the real bandwidth to ensure correct calculation of QoS It is suggested to set the bandwidth value for inbound outbound as 80 85 of physical network speed provided by...

Page 394: ...ype Determine the address type for the source address For Single Address you have to fill in Start IP address For Range Address you have to fill in Start IP address and End IP address For Subnet Addre...

Page 395: ...isted rule please select the radio button of that one and click Edit to open the rule edit page for modification E Ed di it t t th he e S Se er rv vi ic ce e T Ty yp pe e f fo or r C Cl la as ss s R R...

Page 396: ...ter finishing all the settings here please click OK to save the configuration By the way you can set up to 10 service types If you want to edit delete an existed service type please select the radio b...

Page 397: ...d Outbond bandwidth and bandwidth ratio Vigor router can perform the bandwidth management for the protocols streaming remote control web HD and so on Click Bandwidth Management APP QoS to open the fol...

Page 398: ...to all Choose one of the actions from the drop down list It is prepared for applying to all protocols Apply Click it to make the selected action be applied all of the selected protocols immediately Ac...

Page 399: ...elps you to well allocate the bandwidth upon your demand of Voice Video or Data transferring Let s see how to get the optimum bandwidth per your request by using DrayTek Vigor router as below Scenario...

Page 400: ...ick Edit to specify the local address 5 In the pop up window choose Range Address as the Address Type and type the start IP address and end IP address in relational fields Click OK to save the setting...

Page 401: ...r2832 Series User s Guide 389 7 The class rule for VoIP has been set Click OK to return to previous page 8 Do the same steps to add class rules for IPTV and Data Email with IP addresses as shown below...

Page 402: ...click the Setup link of WAN1 to set up the bandwidth for different groups among VoIP IPTV and Data Email 10 In the Setup page check the box of Enable the QoS Control Type 30 50 and 15 in the boxes for...

Page 403: ...Vigor2832 Series User s Guide 391 11 Click OK to save the settings The class rules for WAN1 are defined as shown below...

Page 404: ...s internal database Meanwhile children may chat on Skype in the restroom 1 Go to Bandwidth Management Quality of Service 2 Click Setup link of WAN 2 3 4 Make sure the QoS Control on the left corner is...

Page 405: ...Class 1 Click OK to save the settings 5 Click the Setup link for WAN2 The user can set reserved bandwidth e g 25 for E mail using protocol POP3 and SMTP Click OK to save the settings 6 Return to prev...

Page 406: ...Vigor2832 Series User s Guide 394 7 Click Setup link for WAN2 8 Check Enable UDP Bandwidth Control on the bottom to prevent enormous UDP traffic influence other application Click OK...

Page 407: ...apter 3 VPN for detail instruction he may set up an index for it Enter the Class Name of Index 3 In this index he will set reserved bandwidth for 1 VPN tunnel 10 Click Edit for Class 3 to open a new w...

Page 408: ...Vigor2832 Series User s Guide 396 12 Then click Edit of Local Address to set a worker s subnet address Click Edit of Remote Address to set headquarter s IP address Leave other fields and click OK...

Page 409: ...r account Network administrator can give different firewall policies or rules for different hosts with different User Management accounts This is more flexible and convenient for network management No...

Page 410: ...nts of the filter rule s applied to every user Available settings are explained as follows Item Description Mode There are two modes offered here for you to choose Each mode will bring different filte...

Page 411: ...lay IP Address on tracking window Check the box to display the IP address of the client on the tracking window Landing Page Type the information to be displayed on the first web page when the LAN user...

Page 412: ...iles up to 200 which will be applied for users controlled under User Management Simply open User Management User Profile To set the user profile please click any index number link to open the followin...

Page 413: ...n will be restricted with the conditions configured in this user profile The maximum length of the name you can set is 24 characters Password Type a password for such profile e g lug123 wug123 wug456...

Page 414: ...ter will authenticate the dial in user by itself or by external service such as LDAP server or Radius server or TACACS server If LDAP Radius or TACACS is selected here it is not necessary to configure...

Page 415: ...p Check this box to enable such function Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web pa...

Page 416: ...When the scheduling time is up the router will use the default quota settings automatically Enable Check it to use the default setting for time quota and data quota Default Time Quota Type the value f...

Page 417: ...ed as follows Item Description Name Type a name for this user group Available User Objects You can gather user profiles objects from User Profile page within one user group All the available user obje...

Page 418: ...is page manually Index Display the number of the data flow User Display the users which connect to Vigor router currently You can click the link under the username to open the user profile setting pag...

Page 419: ...th User Management authentication function before a valid username and password have been correctly supplied a particular client will not be allowed to access Internet through the router There are thr...

Page 420: ...n some web browsers will display warning messages With Microsoft Internet Explorer you may get the following warning message Please press Continue to this website not recommended With Mozilla Firefox...

Page 421: ...appear Input the user name and the password for your account defined in User Management and click Login If the authentication is successful the client will be redirected to the original web site that...

Page 422: ...on you access an external web site to trigger the authentication You may also directly access the router s Web UI for authentication Both HTTP and HTTPS are supported for example http 192 168 1 1 or h...

Page 423: ...n Successful in the Welcome Message table Also you will get a Tracking Window if you don t block the pop up window Don t setup a user profile in User Management and a VPN Remote Dial in user profile w...

Page 424: ...via Web to do authentication If SSL Tunnel or SSL Web Proxy is disabled in the VPN profile a User Management account and a remote dial in VPN profile can use the same Username even with different pass...

Page 425: ...e expired time is Unlimited means the Time Quota function is not enabled for this account After login this account will not be expired until it is logout 3 In the Web interface of router the configura...

Page 426: ...which means this account has no time quota If the Time Quota is enabled and time is not 0 minute You will get the following message The expired time is shown after you login After you run out the ava...

Page 427: ...again Authentication via VigorPro Alert Notice Tool allows user to setup the re authentication interval so that the utility will send authentication requests periodically This will keep the client hos...

Page 428: ...le e 1 1 U Us se er rs s c ca an n s se ee e t th he e m me es ss sa ag ge e f fo or r l la an nd di in ng g p pa ag ge e a af ft te er r l lo og gg gi in ng g i in nt to o I In nt te er rn ne et t s...

Page 429: ...ck OK to save the settings 5 Open any browser e g FireFox Internet Explorer The logging page will appear and asks for username and password Please type the correct username and password 6 Click Login...

Page 430: ...ca al ll ly y a af ft te er r l lo og gg gi in ng g i in nt to o I In nt te er rn ne et t s su uc cc ce es ss sf fu ul ll ly y 1 In the field of Landing Page please type the words as below body stats...

Page 431: ...he following page check the box of Landing page and click OK to save the settings 4 Open any browser e g FireFox Internet Explorer The logging page will appear and asks for username and password Pleas...

Page 432: ...Vigor2832 Series User s Guide 420 5 Click Login If the logging is successful you will be directed into the website of www draytek com...

Page 433: ...Item Description External Device Auto Discovery Check this box to detect the external device automatically and display on this page From this web page check the box of External Device Auto Discovery L...

Page 434: ...rt t V VI II I O Ot th he er rs s USB device connected on Vigor router can be regarded as a server or WAN interface By way of Vigor router clients on LAN can access write and read data stored in USB...

Page 435: ...rts in a limited range usually will be applied in configuring router s settings therefore we can define them with objects and bind them with groups for using conveniently Later we can select that obje...

Page 436: ...ditions Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the obje...

Page 437: ...with LAN DMZ RT VPN interface will be opened for you to choose in Edit Filter Rule page Address Type Determine the address type for the IP address Select Single Address if this object contains one IP...

Page 438: ...et Address type is selected Invert Selection If it is checked all the IP addresses except the ones listed above will be applied later while it is chosen 4 After finishing all the settings here please...

Page 439: ...ws Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the step...

Page 440: ...ove will be shown in this box Selected IP Objects Click button to add the selected IP objects in this box 3 After finishing all the settings here please click OK to save the configuration V VI II I 1...

Page 441: ...for IPv6 address Select Any Address if this object contains any IPv6 address Select Mac Address if this object contains Mac address Match Type Specify which type 128 Bits or 64 Bits of address fomat...

Page 442: ...guration V VI II I 1 1 4 4 I IP Pv v6 6 G Gr ro ou up p This page allows you to bind several IPv6 objects into one IPv6 group Available settings are explained as follows Item Description Set to Factor...

Page 443: ...specified interface chosen above will be shown in this box Selected IPv6 Objects Click button to add the selected IPv6 objects in this box 3 After finishing all the settings please click OK to save t...

Page 444: ...Vigor2832 Series User s Guide 432 Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the object profile...

Page 445: ...columns are available for TCP UDP protocol It can be ignored for other protocols The filter rule will filter out any port number when the first and last value are the same it indicates one port when t...

Page 446: ...6 6 S Se er rv vi ic ce e T Ty yp pe e G Gr ro ou up p This page allows you to bind several service types into one group Available settings are explained as follows Item Description Set to Factory De...

Page 447: ...ngs are explained as follows Item Description Name Type a name for this profile Maximum 15 characters are allowed Available Service Type Objects All the available service objects that you have added o...

Page 448: ...t 200 keyword object profiles for choosing as black white list in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profi...

Page 449: ...are explained as follows Item Description Name Type a name for this profile e g game Maximum 15 characters are allowed Contents Type the content for such profile For example type gambling as Contents...

Page 450: ...r Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the gr...

Page 451: ...box 3 After finishing all the settings please click OK to save the configuration V VI II I 1 1 9 9 F Fi il le e E Ex xt te en ns si io on n O Ob bj je ec ct t This page allows you to set eight profil...

Page 452: ...s 2 The configuration page will be shown as follows Available settings are explained as follows Item Description Profile Name Type a name for this profile The maximum length of the name you can set is...

Page 453: ...turn to factory default settings Index Display the profile number that you can configure Profile Display the name for such SMS profile SMS Provider Display the service provider which offers SMS servic...

Page 454: ...rd Type a password that the sender can use to register to selected SMS provider The maximum length of the password you can set is 31 characters Quota Type the number of the credit that you purchase fr...

Page 455: ...re fixed You can click the number e g 9 under Index column for configuration in details Available settings are explained as follows Item Description Profile Name Display the name of this profile It ca...

Page 456: ...r the system to send SMS After finishing all the settings here please click OK to save the configuration M Ma ai il l S Se er rv vi ic ce e O Ob bj je ec ct t This page allows you to set ten profiles...

Page 457: ...server Sender Address Type the e mail address of the sender Use SSL Check this box to use port 465 for SMTP server for some e mail server uses https as the transmission method Authentication The mail...

Page 458: ...g Notification Object and click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows Available settings are explained as follows Item Desc...

Page 459: ...o set several profiles of string object Click Add to open the following dialog Type the string you want and click OK A new profile e g index 1 with the defined string will be shown on the web page In...

Page 460: ...Log into the web user interface of Vigor router 2 Configure relational objects first Open Object Settings SMS Mail Server Object to get the following page Index 1 to Index 8 allows you to choose the b...

Page 461: ...ofile setting 5 Open Object Settings Notification Object to configure the event conditions of the notification 6 Choose any index number e g Index 1 in this case to configure conditions for sending th...

Page 462: ...choose SMS Provider and the Notify Profile specify the time of sending SMS Then type the phone number in the field of Recipient the one who will receive the SMS 9 Click OK to save the settings Later...

Page 463: ...P Pr ro ov vi id de er r Choose one of the Index numbers 9 or 10 allowing you to customize the SMS Provider In the web page type the URL string of the SMS provider and type the username and password...

Page 464: ...SB Application you can type the IP address of the Vigor router and username password created in USB Application USB User Management on the client software Then the client can use the FTP site USB stor...

Page 465: ...USB storage disk into the Vigor router please make sure the memory format for the USB storage disk is FAT16 or FAT32 It is recommended for you to use FAT32 for viewing the filename completely FAT16 c...

Page 466: ...ers and the host name can have as many as 23 characters Both them cannot contain any of the following Workgroup Name Type a name for the workgroup Host Name Type the host name for the router After fin...

Page 467: ...erved for FTP firmware upgrade usage Note FTP Passive mode is not supported by Vigor Router Please disable the mode on the FTP client Password Type the password for FTP SMB users for accessing FTP ser...

Page 468: ...you have to insert a USB storage disk into the USB interface of the Vigor router Otherwise you cannot save the configuration V VI II I 2 2 3 3 F Fi il le e E Ex xp pl lo or re er r File Explorer offer...

Page 469: ...t And then remove the USB device later Available settings are explained as follows Item Description Connection Status If there is no USB device connected to Vigor router No Disk Connected will be show...

Page 470: ...es User s Guide 458 V VI II I 2 2 5 5 M Mo od de em m S Su up pp po or rt t L Li is st t Such page provides the information about the brand name and model name of the USB modems which are supported by...

Page 471: ...Guide 459 V VI II I 2 2 6 6 S SM MB B C Cl li ie en nt t S Su up pp po or rt t L Li is st t SMB Client Support List provides the test status information for applications with file sharing operated un...

Page 472: ...e Explorer If it is necessary for you to delete copy files on the device or write paste files to the devcie it must be done through SMB server or FTP server SMB service is based on the original USB FT...

Page 473: ...ement Click index 1 link and click Enable to enable FTP SMB User account Here we add a new account user1 and assign authorities Read Write and List to it 4 Click OK to save the configuration 5 Make su...

Page 474: ...SB Application USB Disk Status The information for FTP server will be shown as below Now users in LAN of Vigor2832 can access into the USB storage device by typing ftp 192 168 1 1 on any browser They...

Page 475: ...Vigor2832 Series User s Guide 463 This page is left blank...

Page 476: ...64 P Pa ar rt t V VI II II I T Tr ro ou ub bl le es sh ho oo ot ti in ng g This part will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and...

Page 477: ...ow to check your basic installation status stage by stage Checking if the hardware status is OK or not Checking if the network connection settings on your computer are OK or not Pinging the router fro...

Page 478: ...1 1 1 D Di ia al l o ou ut t T Tr ri ig gg ge er ri in ng g Click Diagnostics and click Dial out Triggering to open the web page The internet connection e g PPPoE is triggered by a package sending fr...

Page 479: ...e 467 V VI II II I 1 1 2 2 R Ro ou ut ti in ng g T Ta ab bl le e Click Diagnostics and click Routing Table to open the web page and Available settings are explained as follows Item Description Refresh...

Page 480: ...ware address MAC Address and an IP address Available settings are explained as follows Item Description Refresh Click it to reload the page V VI II II I 1 1 4 4 I IP Pv v6 6 N Ne ei ig gh hb bo ou ur...

Page 481: ...D DH HC CP P T Ta ab bl le e The facility provides information on IP address assignments This information is helpful in diagnosing network problems such as IP address conflicts etc Click Diagnostics...

Page 482: ...o reload the page V VI II II I 1 1 6 6 N NA AT T S Se es ss si io on ns s T Ta ab bl le e Click Diagnostics and click NAT Sessions Table to open the list page Available settings are explained as follo...

Page 483: ...nd displayed on Diagnostics DNS Cache Table Available settings are explained as follows Item Description Clear Click this link to remove the result on the window Refresh Click it to reload the page Wh...

Page 484: ...drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically Ping to Use the drop down list to choose the destination tha...

Page 485: ...t and IP session limit before invoking Data Flow Monitor If not a notification dialog box will appear to remind you enabling it Click Diagnostics and click Data Flow Monitor to open the web page You c...

Page 486: ...ied in Limit Session web page Action Block can prevent specified PC accessing into Internet within 5 minutes Unblock The device with the IP address will be blocked for five minutes The remaining time...

Page 487: ...set to zero the accumulated RX TX received and transmitted data of WAN Click Refresh to renew the graph at any time The horizontal axis represents time Yet the vertical axis has different meanings For...

Page 488: ...Simply type the IP address of the host in the box and click Run The result of route trace will be shown on the screen or Available settings are explained as follows Item Description IPv4 IPv6 Click o...

Page 489: ...and choose the display mode you want Later the event of Syslog with specified type will be shown for your reference Available settings are explained as follows Item Description Enable Web Syslog Chec...

Page 490: ...ay the type of the record Message Display the information for each event V VI II II I 1 1 1 13 3 T TS SP PC C S St ta at tu us s IPv6 TSPC status web page could help you to diagnose the connection sta...

Page 491: ...o on n L Lo og g This page will display the complete authentication log information Available settings are explained as follows Item Description Enable Check the box to enable such function Refresh Cl...

Page 492: ...vironment to find out if there is any abnormal connection Information of IP traced and destination port used for SYN Flood UDP Flood and ICMP Flood attacks will be detected and shown respectively on d...

Page 493: ...following web page will be blocked forever Available settings are explained as follows Item Description Blocking IP Type the IP address in this field and click add It will be added to the IP List and...

Page 494: ...the hardware status 1 Check the power line and WLAN LAN cable connections Refer to I 2 Hardware Installation for details 2 Turn on the router Make sure the ACT LED blink once per second and the corres...

Page 495: ...he link is stilled failed please do the steps listed below to make sure the network connection settings is OK F Fo or r W Wi in nd do ow ws s Info The example is based on Windows 7 As to the examples...

Page 496: ...r2832 Series User s Guide 484 4 Select Internet Protocol Version 4 TCP IP and then click Properties 5 Select Obtain an IP address automatically and Obtain DNS server address automatically Finally clic...

Page 497: ...ide 485 F Fo or r M Ma ac c O OS S 1 Double click on the current used Mac OS on the desktop 2 Open the Application folder and get into Network 3 On the Network screen select Using DHCP from the drop d...

Page 498: ...router correctly F Fo or r W Wi in nd do ow ws s 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista 7 8 The DOS command dialo...

Page 499: ...Vigor2832 Series User s Guide 487...

Page 500: ...gured in Vigor router Check if the LEDs on Vigor router are on or not If not please install an additional switch for connecting both Vigor router and the modem offered by ISP Then check if the LEDs on...

Page 501: ...k c co on nn ne ec ct ti io on n d do oe es s n no ot t w wo or rk k Check the PIN Code of SIM card is disabled or not Please use the utility of 3G 4G USB Modem to disable PIN code and try again If i...

Page 502: ...essing factory default setting you will loose all settings you did before Make sure you have recorded all useful settings before you pressing The password of factory default is null S So of ft tw wa a...

Page 503: ...Then the router will restart with the default configuration After restore the factory default setting you can configure the settings for the router again to fit your personal request V VI II II I 8 8...

Page 504: ...he difficulty is how to handle the traffics between two or more Ethernet switches Thus VLAN is suitable for some circumstances for example the rental apartment SOHO office and so on These clients may...

Page 505: ...packet as the VID of Trunk port while forwarding the packets to another switch Bridge mode of WAN P1 and P2 are doing NAT flow to access to the internet but P3 and P4 will forward the packets between...

Page 506: ...Vigor2832 Series User s Guide 494...

Page 507: ...Vigor2832 Series User s Guide 495 LAN V VL LA AN N a ap pp pl li ic ca at ti io on ns s o on n V Vi ig go or r r ro ou ut te er r Multi Subnet VLAN of LAN...

Page 508: ...ver LAN1 LAN2 LAN3 LAN4 However the traffics of the LAN port or SSID that are NOT being grouped in the same VLAN are unable to forward to each other The benefit of Port based is able to extend the wir...

Page 509: ...to be isolated from your private network due to the security considerations it can be done by above settings However a switch support VLAN function is need if VLAN Tag enabled Triple Play Multi WAN N...

Page 510: ...Vigor2832 Series User s Guide 498...

Page 511: ...dge mode with VLAN Set top box STB or the other kinds of media devices are able to attach with Port4 or Port5 of LAN Those devices that attached with Port4 or Port5 are able to access the services net...

Page 512: ...Vigor2832 Series User s Guide 500 P Pa ar rt t I IX X D Dr ra ay yT Te ek k T To oo ol ls s...

Page 513: ...ol VPN connections such as IPSec PPTP L2TP protocols for secure data exchange and communication With SSL VPN embedded on Vigor routers teleworkers can have convenient and simple access to central site...

Page 514: ...L L V VP PN N T Tu un nn ne el l SmartVPN APP for Android is now available on Google play This document demonstrates how to use the APP to establish a SSL VPN tunnel 1 On VPN server create a SSL user...

Page 515: ...r Routers it is 443 by default d Tap SAVE to save the profile or to cancel Info Installation of relevant Root CA is required to enable server certificate authentication If you check Use default gatewa...

Page 516: ...Vigor2832 Series User s Guide 504 7 When the tunnel is up the profile will turn green Tap the bar again will disconnect the tunnel 8 Tap the pencil icon to edit or remove the profile...

Page 517: ...Vigor2832 Series User s Guide 505 This page is left blank...

Page 518: ...Vigor2832 Series User s Guide 506 P Pa ar rt t X X T Te el ln ne et t C Co om mm ma an nd ds s...

Page 519: ...Windows Features of Telnet Client has been turned on under Control Panel Programs Type cmd and press Enter The Telnet terminal will be open later In the following window type Telnet 192 168 1 1 as be...

Page 520: ...ide 508 For users using previous Windows system e g 2000 XP simply click Start Run and type Telnet 192 168 1 1 in the Open box as below Next type admin admin for Account Password And type to get a lis...

Page 521: ...s command is used to display current status of ADSL setting S Sy yn nt ta ax x adsl status E Ex xa am mp pl le e adsl status ATU R Info hw annex A f w annex A Running Mode State TRAINING DS Actual Rat...

Page 522: ...te 4 VCMUX_Bridge 5 VCMUX_Route 6 IPoE Proto It means the protocol used to connect Internet Different numbers represent different protocols 0 PPPoA 1 PPPoE 2 MPoA Modu 0 T1 413 2 G dmt 4 Multi 5 ADSL2...

Page 523: ...number and must be between 0 Channel 1 to 7 Channel 8 status It means to shown the whole bridge status save It means to save the configuration to flash enable It means to enable the Multi VLAN functio...

Page 524: ...re largest power of data transmission Please follow the steps below to set adsl drivermode 1 Please connect dsl line to the DSLAM 2 Waiting for dsl SHOWTIME 3 Drop the dsl line 4 Now it is on continuo...

Page 525: ...vel 5 for F5 End to End VC level chklink Check the DSL connection Log_on log_off Enable or disable the OAM log for debug E Ex xa am mp pl le e adsl oamlb chklink on OAM checking dsl link is ON adsl oa...

Page 526: ...L mode set Use default settings plus the new added ADSL mode default Use default settings show Display current setting adsl_mode There are three modes to be choose ANNEXL ANNEXM and ANNEXJ E Ex xa am...

Page 527: ...s us ds bi us means upstream ds means downstream bi means bidirection value The values for different functions change slightly bitswap 0 2 sra 0 2 3 4 on off Type on for enabling such function Type of...

Page 528: ...om mm ma an nd d a ad ds sl l a at tm m This command can set QoS parameter for ATM adsl atm pcr pvc_no PCR max status adsl atm scr pvc_no SCR status adsl atm mbs pvc_no MBS status adsl atm status S Sy...

Page 529: ...set done bind pvc3 to pvc5 The above example means PVC3 has been bound to PVC5 adsl pvcbinding 3 1 clear pvc 1 binding The above example means the PVC3 binding group has been removed T Te el ln ne et...

Page 530: ...e settings are 1 and 2 a enable 1 0 to enable disable this entry n UserName contact UserName max 24 characters p PassWord contact PassWord max 24 characters s select It means to specify an IP address...

Page 531: ...sm appe set i INDEX v GROUP e AP_IDX d AP_IDX a AP_IDX ACTION S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description INDEX Specify the index number of CSM profile from 1 to 32 v Vi...

Page 532: ...how t Type Index Name Version Advance Advanced Option M essage F ile Transfer G ame C onference and O ther Activities PROTOCOL 52 DB2 PROTOCOL 53 DNS PROTOCOL 54 FTP PROTOCOL 55 HTTP 1 1 PROTOCOL 56 I...

Page 533: ...load interface S Sy yn nt ta ax x csm appe interface AUTO WAN S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n P Pa ar ra am me et te er r D De es sc cr ri ip pt ti io on n AUTO Vigor router speci...

Page 534: ...n n show Display all of the profiles setdefault Return to default settings for all of the profile msg MSG Set the administration message MSG means the content less than 255 characters of the message i...

Page 535: ...INDEX uac o KEY_WORD_Object_Index csm ucf obj INDEX uac g KEY_WORD_Group_Index S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description INDEX Specify the index number of CSM profile...

Page 536: ...game Log none Priority Select Bundle Pass Enable URL Access Control Action pass v Prevent web access from IP address No Obj NO Object Name No Grp NO Group Name csm ucf obj 1 uac a B Profile Index 1 P...

Page 537: ...e Enable the restriction of web feature d Disable the restriction of web feature a Set the action of web feature P or B B Block The web access meets the web feature will be blocked P Pass The web acce...

Page 538: ...Parameter Description show Display the web content filter profiles Look Display the license information of WCF Cache Set the cache level for the profile Server WCF_SERVER Set web content filter server...

Page 539: ...phy Sexually Explicit Weapons Violence School Cheating Sex Education Tasteless Child Abuse Imges Entertainment Games Sports Travel Leisure Recreation Fashin Beauty Business Job Search Web based Emai C...

Page 540: ...buse Images leisure Group Entertainment Games Sports Travel Leisure Recreation Fashion Beauty T Te el ln ne et t C Co om mm ma an nd d c cs sm m d dn ns sf f It means to configure the settings regardi...

Page 541: ...ck page for redirect port When a web page is blocked by DNS filter the router system will send a message page to describe that the page is not allowed to be visisted ON Enable the function of displayi...

Page 542: ...o os s This command allows users to configure the settings for DoS defense system dos V D A dos s ATTACK_F THRESHOLD TIMEOUT dos a e ATTACK_F ATTACK_0 d ATTACK_F ATTACK_0 S Sy yn nt ta ax x D De es sc...

Page 543: ...ri ip pt ti io on n Parameter Description W n W means to set WAN interface 1 WAN1 2 WAN2 Default is WAN1 M n M means to set Internet Access Mode Mandatory and n means different modes represented by 0...

Page 544: ...de Modem Dial String max 31 characters v service name Set PPP mode Service Name max 23 characters m ppp username Set PPP mode PPP Username max 63 characters o ppp password Set PPP mode PPP Password ma...

Page 545: ...nd d i ip p p pu ub bs su ub bn ne et t This command allows users to enable or disable the IP routing subnet for your router S Sy yn nt ta ax x ip pubsubnet Enable Disable S Sy yn nt ta ax x D De es...

Page 546: ...ubnet IP address Specify a subnet mask The system will set the one that you specified as the public subnet mask E Ex xa am mp pl le e ip pubmask ip pubmask public subnet mask Now 255 255 255 0 ip pubm...

Page 547: ...a am mp pl le e ip addr 192 168 50 1 Set IP address OK Info When the LAN IP address is changed the start IP address of DHCP server are still the same To make the IP assignment of the DHCP server being...

Page 548: ...arp setCacheLife is set with 60 it means you have an ARP cache at 0 second Sixty seconds later without any ARP messages received the system will think such ARP cache is expired The system will issue a...

Page 549: ...ptional setting for DHCP server h display usage l list all custom set DHCP options d delete custom dhcp client option by index number e enable disable option feature 1 enable 0 disable w set WAN numbe...

Page 550: ...ply from 172 16 3 229 time 0ms Packets Sent 5 Received 5 Lost 0 0 loss T Te el ln ne et t C Co om mm ma an nd d i ip p t tr ra ac ce er rt t This command allows users to trace the routes from the rout...

Page 551: ...D De es sc cr ri ip pt ti io on n Parameter Description 0 1 2 0 means disable 1 means LAN1 and 2 means IP Routed E Ex xa am mp pl le e ip rip 1 Set RIP LAN1 T Te el ln ne et t C Co om mm ma an nd d i...

Page 552: ...otocol enable T Te el ln ne et t C Co om mm ma an nd d i ip p r ro ou ut te e This command allows users to set static route S Sy yn nt ta ax x ip route add dst netmask gateway ifno rtype ip route del...

Page 553: ...efault route clean Clean all of the route settings 1 Enable the function 0 Disable the function E Ex xa am mp pl le e ip route add 172 16 2 0 255 255 255 0 172 16 2 4 3 static ip route status Codes C...

Page 554: ...ans to disable proxy server wan It means to specify WAN interface for IGMP service query It means to set IGMP general query interval The default value is 125000 ms ppp 0 No need to set IGMP with PPP h...

Page 555: ...onfiguration txquery on off v2 v3 IGMP query will be sent out to LAN periodically mode hw sw Make IGMP snooping work on software or hardware chkleave on off Off Vigor router will drop LEAVE if clients...

Page 556: ...t C Co om mm ma an nd d i ip p d dm mz zs sw wi it tc ch h This command is to enable disable private IP DMZ or Active True IP DMZ for DMZ host S Sy yn nt ta ax x ip dmzswitch off ip dmzswitch private...

Page 557: ...um Set the default number of session num limit for p2p status Display the current settings show Display all session limit settings in the IP range timer num Set when the IP session block works The uni...

Page 558: ...e current settings show Display all the bandwidth limits settings within the IP range add Add the bandwidth within the IP range del Delete the bandwidth within the IP range IP1 IP2 It means the range...

Page 559: ...P bindmac policy table can access into network show Display the IP address and MAC address of the pair of binded one add Add one IP bindmac del Delete one IP bindmac IP Type the IP address for binding...

Page 560: ...in several commands in one line General Setup for Policy Route i value Specify an index number for setting policy route profile Value 1 to 60 1 means to get a free policy index automatically e 0 1 0 D...

Page 561: ...olicy route profile Value Type a number 0 250 The default value is 150 I value Indicate the interface specified for the policy route profile Value Available interfaces include LAN1 LAN8 IP_Routed_Subn...

Page 562: ...pl le e ip policy_rt diagnose s 192 168 1 100 d any p any t ICMP Matched Route Priority No_Match Matched Policy Priority Policy_1 200 Conclusion The packet was dropped because the send to interface o...

Page 563: ...ng T Te el ln ne et t C Co om mm ma an nd d i ip p d dn ns sf fo or rw wa ar rd d This command is used to set LAN DNS profile for conditional DNS forwarding ip dnsforward command parameter S Sy yn nt...

Page 564: ...It means to add a static ipv6 address d It means to delete an ipv6 address a It means to show current address es status u It means to show only unicast addresses prefix It means to type the prefix nu...

Page 565: ..._opt WAN2 S 1 ip6 dhcp req_opt WAN2 r 1 ip6 dhcp req_opt WAN2 a Interface WAN2 is set to request following DHCPv6 options sip name T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 d dh hc cp p c cl...

Page 566: ...p server settings command parameter The available commands with parameters are listed below means that you can type in several commands in one line a It means to show current DHCPv6 status i pool_min_...

Page 567: ...3 AICCU n 4 DHCPv6 n 5 Static n 6 6in4 Static n 7 6rd command parameter The available commands with parameters are listed below means that you can type in several commands in one line For 6rd C n Set...

Page 568: ...IPv6 address For others d server Set 1st DNS Server IP server IPv6 Address D server Set 2nd DNS Server IP server IPv6 Address t dhcp ra none Set ipv6 PPP WAN test mode for DHCP or RA V View IPv6 Inter...

Page 569: ...1 WAN2 USB1 USB2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description s It means to add a neighbour d It means to delete a neighbour a It means to show neighbour status inet6_add...

Page 570: ...E80 250 7FFF FE12 300 successfully added T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 r ro ou ut te e This command allows you to S Sy yn nt ta ax x ip6 route s prefix prefix length gateway LAN W...

Page 571: ...Pv6 address or a host S Sy yn nt ta ax x ip6 ping IPV6 address Host LAN1 LAN2 LAN4 WAN1 WAN2 USB1 USB2 send count data_size 1 1452 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Descri...

Page 572: ...01 4DE0 A 1 330 ms 4 2001 4DE0 1000 34 1 340 ms 5 2001 7F8 1 A501 5169 1 330 ms 6 2001 4860 1 0 4B3 350 ms 7 2001 4860 8 0 2DAF 330 ms 8 2001 4860 2 0 66E 340 ms 9 Request timed out 10 2001 4860 4860...

Page 573: ...etime It means to set the lifetime The lifetime associated with the default router in units of seconds It s used to control the lifetime of the prefix The maximum value corresponds to 18 2 hours A lif...

Page 574: ...ess list status It means to show the status of IPv6 management add It means to add an IPv6 address which can be used to execute management through Internet index It means the number 1 2 and 3 allowed...

Page 575: ...e ip6 online WAN1 WAN1 online status IPv6 WAN1 Disabled Default Gateway Interface DOWN UpTime 0 00 00 IPv6 DNS Server Static IPv6 DNS Server Static IPv6 DNS Server Static Tx packets 0 Tx bytes 0 Rx p...

Page 576: ...ty IPv6 First T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 l la an n This command allows you to configure settings for IPv6 LAN S Sy yn nt ta ax x ip6 lan l n l w d D m o s parameter S Sy yn nt...

Page 577: ...rimary WAN1 T Te el ln ne et t C Co om mm ma an nd d i ip pf f v vi ie ew w IPF users to view the version of the IP filter to view set the log flag to view the running IP filter rules ipf view Vcdhrtz...

Page 578: ...ket Type 2 to display the log of blocked packet Type 3 to display the log of non matching packet p VALUE It means to setup actions for packet not matching any rule e g p 1 Type 0 to let all the packet...

Page 579: ...saved ipf set v Call Filter Enable Start Filter Set 1 Data Filter Enable Start Filter Set 2 Log Flag None Actions for packet not matching any rule Pass or Block Pass CodePage ANSI 1252 Latin I Max Se...

Page 580: ...1 Single Address 2 Any Address 3 Range Address Example Set Subnet Address s u 0 192 168 1 10 255 255 255 0 Set Single Address s u 1 192 168 1 10 Set Any Address s u 2 Set Range Address s u 3 192 168...

Page 581: ...he classification for QoS index Available settings contain 1 Class 1 2 Class 2 3 Class 3 4 Other log flag 0 means disable to save and display in Syslog 1 means enable to save and display in Syslog l w...

Page 582: ...8 ANSI 1257 Baltic 9 ANSI 1258 Viet Nam 10 OEM 437 United States 11 OEM 850 Multilingual Latin I 12 OEM 860 Portuguese 13 OEM 861 Icelandic 14 OEM 863 Canadian French 15 OEM 865 Nordic 16 ANSI OEM 874...

Page 583: ...d i ip pf f f fl lo ow wt tr ra ac ck k This command is used to set and view flowtrack sessions ipf flowtrack set re ipf flowtrack view fb ipf flowtrack i p t S Sy yn nt ta ax x D De es sc cr ri ip pt...

Page 584: ...tate T Te el ln ne et t C Co om mm ma an nd d L Lo og g This command allows users to view log for WAN interface such as call log IP filter log flush log buffer etc log cfhiptwx F a c f w S Sy yn nt ta...

Page 585: ...x ldap user INDEX OPTION S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description INDEX Specify the index number 1 to 8 of the LDAP profile OPTION n VALUE Setup Profile Name b VALUE...

Page 586: ...ap set Options Value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description enable 0 1 Enable or disable LDAP function 0 Disable the function 1 Enable the function type 0 2 Set the...

Page 587: ...ttings for RADIUS server S Sy yn nt ta ax x radius enable 0 1 radius authport port number radius client add idx i address m mask p prefix l length s secret radius client del idx radius show radius set...

Page 588: ...fy which method will be used Dot1x_phase2 can only support MS CHAPv2 now So only 1 can be used for it e Set method for dot1x_phase1 or dot1x_phase2 d Delete method for dot1x_phase1 or dot1x_phase2 E E...

Page 589: ...Te el ln ne et t C Co om mm ma an nd d m mn ng gt t f ft tp pp po or rt t This command allows users to set FTP port for management mngt ftpport FTP port S Sy yn nt ta ax x D De es sc cr ri ip pt ti i...

Page 590: ...n nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Telnet port It means to type the number for telnet port The default setting is 23 E Ex xa am mp pl le e mngt telnetport 23 Set Teln...

Page 591: ...PING packets will be forwarded from LAN PC to Internet off All PING packets will be blocked from LAN PC to Internet viewlog It means to display a log of ping action including source MAC and source IP...

Page 592: ...s to remove the log of defense worm packet E Ex xa am mp pl le e mngt defenseworm add 21 Add TCP port 21 Block TCP port list 135 137 138 139 445 21 mngt defenseworm del 21 Delete TCP port 21 Block TCP...

Page 593: ...yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description e 0 1 It means to enable disable the function 0 disable the function 1 enable the function s value It means to specify service off...

Page 594: ...packet disable It means to drop the echo ICMP packet E Ex xa am mp pl le e mngt echoicmp enable Echo ICMP packet enabled T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t a ac cc ce es ss sl li i...

Page 595: ...etting community by typing a proper character max 23 characters s Community name It means to set community by typing a proper name max 23 characters m IP address It means to set one host as the manage...

Page 596: ...ddress for the specified LAN interface msubnet addr 2 3 4 IP address S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 3 4 5 6 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 IP...

Page 597: ...e msubnet status 2 LAN2 Off 0 0 0 0 0 0 0 0 PPP Start IP 0 0 0 60 DHCP server Off Dhcp Gateway 0 0 0 0 Start IP 0 0 0 10 Pool Count 50 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t d...

Page 598: ...Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t g ga at te ew wa ay y This command is used to configure an IP address as the gateway u...

Page 599: ...i ip pt ti io on n Parameter Description 1 2 3 4 It means LAN interface 1 LAN1 2 LAN2 3 LAN3 4 LAN4 On Off On It means to establish a link for the selected LAN with others Off It means to terminate th...

Page 600: ...subnet pppip 2 3 4 Start IP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 3 4 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 Start IP Type an IP address as the starting IP...

Page 601: ...t 1 B node 2 P node 4 M node 8 H node T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t p pr ri im mW WI IN NS S This command is used to configure primary WINS server msubnet primWINS 2 3...

Page 602: ...bnet secWINS 2 3 4 WINS IP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 3 4 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 WINS IP Type the IP address as the WINS IP E Ex...

Page 603: ...N3 LAN4 msubnet tftp 2 publish Set LAN2 TFTP Server Name done msubnet tftp msubnet tftp 2 3 4 TFTP server name Now LAN2 publish LAN3 LAN4 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t...

Page 604: ...s INDEX It means the index number of the specified object profile v It means to view the information of the specified object profile Example object ip obj 1 v n NAME It means to define a name for the...

Page 605: ...object ip grp INDEX a IP_OBJ_INDEX S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description setdefault It means to return to default settings for all profiles INDEX It means the inde...

Page 606: ...Guide 594 Interface Any Included ip object index 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 object ip grp 2 i 1 object ip grp 2 a 1 2 IP Group Profile 2 Name First Interface Lan Included ip object index 0 1 1 2...

Page 607: ...15 characters Example object ip obj 9 n bruce i INTERFACE It means to define an interface for the IP object INTERFACE 0 means any INTERFACE 1 means LAN INTERFACE 3 means WAN Example object ip obj 8 i...

Page 608: ...the specified group profile v It means to view the information of the specified group profile Example object ip grp 1 v n NAME It means to define a name for the IP group NAME Type a name with less tha...

Page 609: ...ect profile Example object service obj 1 v n NAME It means to define a name for the IP object NAME Type a name with less than 15 characters Example object service obj 9 n bruce i PROTOCOL It means to...

Page 610: ...range 120 240 Destination port check action Destination port range 200 220 T Te el ln ne et t C Co om mm ma an nd d o ob bj je ec ct t s se er rv vi ic ce e g gr rp p This command is used to integrat...

Page 611: ...INDEX v object kw obj INDEX n NAME object kw obj INDEX a CONTENTS S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description setdefault It means to return to default settings for all p...

Page 612: ...l of the profiles setdefault It means to return to default settings for all profiles INDEX It means the index number from 1 to 8 of the specified file extension object profile v It means to view the i...

Page 613: ...usic Image category bmp dib gif jpeg jpg jpg2 jp2 pct pcx pic pict png tif tiff Video category asf avi mov mpe mpeg mpg v mp4 qt rm v wmv 3gp 3gpp 3gpp2 3g2 Audio category v aac v aiff v au v mp3 v m4...

Page 614: ...xrx restart sta tus Set the LAN Port Mirror function On Enable the function Off Disable the function Port Set the mirror port E g port sniff p1 TXRX Set the port number to be mirrored for transmitting...

Page 615: ...ion timeout w sec It means TCP WWW protocol sec Type a number to set the TCP WWW session timeout s sec It means TCP SYN protocol sec Type a number to set the TCP SYN session timeout f It means to flus...

Page 616: ...tart port Specify a starting port number for Specific Host mode e end port Specify an ending port number for Specific Host mode E Ex xa am mp pl le e ppa m 1 p 1 b 0 Set ok The PPA mode is Auto You ne...

Page 617: ...coming traffic only 2 out apply to outgoing traffic only 3 both apply to both incoming and outgoing traffic Default is enable for outgoing traffic i bandwidth It means to set inbound bandwidth in kbps...

Page 618: ...inbound bandwidth set to 9500 outbound bandwidth set to 8500 WAN2 class 3 ratio set to 20 WAN2 udp bandwidth control set to enable WAN2 udp bandwidth limit ratio set to 50 WAN2 Outbound TCP ACK Prior...

Page 619: ...y for example l 172 16 3 9 addr1 addr2 It means Range address Please specify the IP addresses for example l 172 16 3 9 172 16 3 50 addr1 subnet It means the subnet address with start IP address Please...

Page 620: ...t t C Co om mm ma an nd d q qo os s t ty yp pe e This command allows user to configure protocol type and port number for QoS S Sy yn nt ta ax x qos type a service name e no d no S Sy yn nt ta ax x D D...

Page 621: ...E Ex xa am mp pl le e qos voip off QoS for VoIP Disable SIP Port 5060 T Te el ln ne et t C Co om mm ma an nd d q qu ui it t This command can exit the telnet command screen T Te el ln ne et t C Co om m...

Page 622: ...pping status Index Status WAN4 aux IP Private IP 1 Disable 0 0 0 0 T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w d dn ns s This command displays current status of DNS setting E Ex xa am mp pl...

Page 623: ...0 0 0 0 0 12 0 0 0 0 0 0 0 13 0 0 0 0 0 0 0 14 0 0 0 0 0 0 0 15 0 0 0 0 0 0 0 16 0 0 0 0 0 0 0 17 0 0 0 0 0 0 0 18 0 0 0 0 0 0 0 19 0 0 0 0 0 0 0 20 0 0 0 0 0 0 0 MORE q Quit Enter New Lines Space Ba...

Page 624: ...0 WAN2 Current Session Usage 0 WAN3 Current Session Usage 0 WAN4 Current Session Usage 0 T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w s st ta at tu us s This command displays current status...

Page 625: ...rsion 1 544e0000 ADSL Firmware Version 06 06 01 07 00 01 Power Management Mode DSL_G997_PMS_NA Test Mode DISABLE ATU C Info Far Current Attenuation 0 dB Far SNR Margin 0 dB CO ITU Version 0 00000000 C...

Page 626: ...Vigor2832 Series User s Guide 614 show statistic reset wan1 Reset WAN1 tx rx Bytes to zero...

Page 627: ...me Set a name of the host for SMB service set access LAN or LANWAN Allow to access into SMB server by LAN or borth LA N and WAN E Ex xa am mp pl le e smb setting enable SMB service is enabled smb sett...

Page 628: ...c status Index MAC Address T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p d dn ns s1 1 This command allows users to set Primary IP Address for DNS Server in LAN srv dhcp dns1 srv dhcp...

Page 629: ...or the DHCP server DNS IP address It means the IP address that you want to use as DNS2 Note The IP Routed Subnet DNS must be the same as NAT Subnet DNS E Ex xa am mp pl le e srv dhcp dns2 10 1 1 1 srv...

Page 630: ...dhcp frcdnsmanl on Domain name server now is using manual settings srv dhcp frcdnsmanl off Domain name server now is using auto settings T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp...

Page 631: ...c cp p o on n This function allows users to turn on DHCP server It needs rebooting router please type sys reboot command to reboot router T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp...

Page 632: ...ke effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p s st ta at tu us s This command can display general informa...

Page 633: ...ns the lease time that DHCP server can use The unit is second E Ex xa am mp pl le e srv dhcp leasetime srv dhcp leasetime Lease Time sec Now 86400 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d...

Page 634: ...hcp primWINS 192 168 1 88 srv dhcp primWINS srv dhcp primWINS WINS IP address srv dhcp primWINS clear Now 192 168 1 88 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p s se ec cW WI IN...

Page 635: ...x D De es sc cr ri ip pt ti io on n Parameter Description TFTP server name It means to type the name of TFTP server E Ex xa am mp pl le e srv dhcp tftp TF123 srv dhcp tftp srv dhcp tftp TFTP server n...

Page 636: ...by typing string a It means to set the option value by specifying the IP address x It means to set option number with the format of Hexadecimal characters u It means to update the option value of the...

Page 637: ...enable disable such feature 1 enable 0 disable i It means to specify the private IP address of the DMZ host r It means to remove DMZ host setting v It means to display current status E Ex xa am mp pl...

Page 638: ...n less than 23 characters for the defined network service i local ip It means to set the IP address for local computer Local ip Type an IP address in this field w idx It means to specify the public IP...

Page 639: ...index number is from 1 to 10 serv name It means to type one name as service name proto It means to specify TCP or UDP as the protocol pub port It means to specify which port can be redirected to the s...

Page 640: ...ri ig gg ge er r This command allows users to configure port triggering settings for NAT S Sy yn nt ta ax x srv nat trigger setdefault srv nat trigger view srv nat trigger n command parameter S Sy yn...

Page 641: ...00 srv nat trigger 1 v Port Trigger Rule Index 1 Status Enable Comment after_dinner2000 Triggering Protocol TCP Triggering Port 2000 Incoming Protocol UDP Incoming Port 3000 T Te el ln ne et t C Co om...

Page 642: ...Redirection O Open Ports D DMZ T Te el ln ne et t C Co om mm ma an nd d s sw wi it tc ch h i i This command is used to obtain the TX transmitted or RX received data for each connected switch S Sy yn n...

Page 643: ...on n Parameter Description 0 Disable the option of No Respond to External Device packets 1 Enable the option of No Respond to External Device packets E Ex xa am mp pl le e switch not_respond 1 slave n...

Page 644: ...sw wi it tc ch h q qu ue er ry y This command is used to enable or disable the switch query E Ex xa am mp pl le e switch query on Extern Device status query is Enable switch query off Extern Device s...

Page 645: ...ew 1 Index 1 User Name carrie User Password test123 T Te el ln ne et t C Co om mm ma an nd d s sy ys s b bo on nj jo ou ur r This command is used to disable enable and configure the Bonjour service sy...

Page 646: ...ma an nd d s sy ys s c cm md dl lo og g This command displays the history of the commands that you have typed E Ex xa am mp pl le e sys cmdlog Commands Log The lowest index is the newest 1 sys cmdlog...

Page 647: ...2 clear Now wan1 clever wan2 intelligent T Te el ln ne et t C Co om mm ma an nd d s sy ys s i if fa ac ce e This command displays the current interface connection status UP or Down with IP address MAC...

Page 648: ...User s Guide 636 IP Address 0 0 0 0 Netmask 0x00000000 MAC 00 50 7F 00 00 06 Interface 9 Ethernet Status DOWN IP Address 0 0 0 0 Netmask 0x00000000 MAC 00 50 7F 00 00 07 MORE q Quit Enter New Lines Sp...

Page 649: ...e sys name wan1 wan2 ASCII string max 20 characters sys name wan1 wan2 clear Now wan1 drayrouter wan2 Note Such name can be used to recognize router s identification in SysLog dialog T Te el ln ne et...

Page 650: ...autoreboot is ON autoreboot time is 2 hour s T Te el ln ne et t C Co om mm ma an nd d s sy ys s c co om mm mi it t This command allows users to save current settings to FLASH Usually current settings...

Page 651: ...4088 4088B used 0 cached 8 Buf KMC2552 2552B used 1641 cached 42 Buf KMC1016 1016B used 7 cached 1 Buf KMC504 504B used 8 cached 8 Buf KMC248 248B used 26 cached 22 Buf KMC120 120B used 67 cached 61 B...

Page 652: ...ettings for applying in VigorACS sys tr069 get parm option sys tr069 set parm value sys tr069 getnoti parm sys tr069 setnoti parm value sys tr069 log sys tr069 debug on off sys tr069 save sys tr069 in...

Page 653: ...rOfEntries InternetGatewayDevice DeviceInfo InternetGatewayDevice ManagementServer InternetGatewayDevice Time InternetGatewayDevice Layer3Forwarding InternetGatewayDevice LANDevice InternetGatewayDevi...

Page 654: ...ic_wiz set reg qry sys license dev_chg sys license dev_key S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description licmsg It means to display license message licauth It means the li...

Page 655: ...the function of the log Supported features include SYS and DSL Case Insensitive Default setting is on for DSL voip_feature on off vf_name It means VoIP feature Type on to enable the feature or type of...

Page 656: ...Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description command parameter The available commands with parameters are listed below means that you can type in several commands in one l...

Page 657: ...er Description command parameter The available commands with parameters are listed below means that you can type in several commands in one line l Display DNS IPv4 entry in the DNS cache table s Displ...

Page 658: ...port number Define the port number 1 65535 for AlertLog E Ex xa am mp pl le e sys syslog a 1 s 1 i 192 168 1 25 d 514 T Te el ln ne et t C Co om mm ma an nd d s sy ys s t ti im me e This command is u...

Page 659: ...GMT 03 00 Baghdad Kuwait Riyadh 42 GMT 03 00 Nairobi 43 GMT 03 00 Moscow St Petersburg 44 GMT 03 30 Tehran 45 GMT 04 00 Abu Dhabi Muscat 46 GMT 04 00 Baku Tbilisi 47 GMT 04 30 Kabul 48 GMT 05 00 Ekate...

Page 660: ...x D De es sc cr ri ip pt ti io on n Parameter Description 0 Disable EAP TLS compatibility 1 Enable EAP TLS compatibility E Ex xa am mp pl le e sys eap_tls set 1 Enable EAP_TLS compatibility T Te el ln...

Page 661: ...0 PortMapProtocol NULL The tmpvirtual server index 0 PortMapLeaseDuration 0 PortMapEnabled 0 0 MORE q Quit Enter New Lines Space Bar Next Page T Te el ln ne et t C Co om mm ma an nd d u up pn np p s s...

Page 662: ...ervice OSInfo 1 Subscribtion1 sid 7a2bbdd0 0047 4fc8 b870 4597b34da7fb eventKey 1 ToSendEventKey 1 expireTime 6926 active 1 DeliveryURLs http 192 168 1 113 2869 upnp eventing twtnpnsiun 2 serviceType...

Page 663: ...to apply UPnP n 0 it means to auto select WAN interface n 1 WAN1 n 2 WAN2 E Ex xa am mp pl le e upnp wan 1 use wan1 now T Te el ln ne et t C Co om mm ma an nd d u us sb b l li is st t This command is...

Page 664: ...ist S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description add Add a new user profile Rm Delete an existed user profile enable Enable a user profile disable Disable a user profile...

Page 665: ...IPv6 w WAN_idx WAN_idx Indicate the WAN interface 1 WAN1 2 WAN2 3 WAN3 4 WAN4 l LAN_idx LAN_idx Indicate the LAN interface 1 LAN1 2 LAN2 3 LAN3 4 LAN4 e 0 1 Enable 1 or disable 0 the Vigor Bridge for...

Page 666: ...dge modem including index number MAC address Stamp Time PVC VLAN port for Vigor Bridge Function E Ex xa am mp pl le e vigbrg wanstatus Vigor Bridge Running WAN mac table Index MAC Address Stamp Time P...

Page 667: ...llows you to disable VLAN function S Sy yn nt ta ax x vlan off E Ex xa am mp pl le e vlan off VLAN is Disable Force subnet LAN2 3 4 to be disabled T Te el ln ne et t C Co om mm ma an nd d v vl la an n...

Page 668: ...an status E Ex xa am mp pl le e vlan status VLAN is Enable VLAN Enable VID Pri p1 p2 p3 p4 s1 s2 s3 s4 subnet 0 OFF 0 0 1 LAN1 1 OFF 0 2 1 LAN1 2 OFF 0 0 1 LAN1 3 OFF 0 0 V V V 1 LAN1 4 OFF 0 0 1 LAN1...

Page 669: ...mode status It means to display if submode is normal mode or promiscuous mode E Ex xa am mp pl le e vlan submode status vlan subnet mode normal mode vlan submode on vlan subnet mode modified to promi...

Page 670: ...m 0 to 7 vid_no It means the value of VLAN ID Type the value as the VLAN ID number The range is form 0 to 4095 E Ex xa am mp pl le e vlan vid 1 4095 VLAN1 vid 4095 T Te el ln ne et t C Co om mm ma an...

Page 671: ...essive mode main It means to choose proposal for main mode auto index It means to choose default proposals proposal index It means to choose specified proposal aggressive It means the chosen DH group...

Page 672: ...vpn dinset 1 Dial in profile index 1 Profile Name Status Deactive Mobile OTP Disabled Password Idle Timeout 300 sec vpn dinset 1 on set profile active vpn dinset 1 motp on Enable Mobile OTP mode vpn d...

Page 673: ...e l2tp_out ip usr pwd nip nmask Command of Dial In vpn setup index name dialin ip usr pwd key nip nmask S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description For PPTP Dial Out ind...

Page 674: ...key It means the value of IPsec Pre Shared Key nip nmask It means the remote network IP and the mask e g vpn setup 1 name1 dialin 1 2 3 4 vigor 1234 abc 192 168 1 0 255 255 255 0 E Ex xa am mp pl le e...

Page 675: ...ans always on for dial out 0 it means always on for dial in Other numbers e g idle 200 idle 300 idle 500 mean the router will be idle after the interval seconds configured here palive It means to enab...

Page 676: ...or Dial In Settings itype It means Allowed Dial In Type Available settings include itype t means PPTP itype s means IPSec itype L1 means L2TP None itype L1 means L2TP Nice to Have itype l2 means L2TP...

Page 677: ...t NAT mode droute It means to Change default route to this VPN tunnel Only single WAN supports this droute on off means to enable disable the function E Ex xa am mp pl le e vpn option 1 idle 250 Chang...

Page 678: ...out It means to list dial out settings of the specified profile in It means to list dial in settings of the specified profile net It means to list Network Settings of the specified profile index It m...

Page 679: ...De es sc cr ri ip pt ti io on n Parameter Description PPTP IPSec L2TP There are four types to be selected on off on enable VPN remote setting off disable VPN remote setting E Ex xa am mp pl le e vpn r...

Page 680: ...tive In active Dialout_Index GRE_MyIP GRE_PeerIP Logical_Traffic vpn trunk An_Gre GreIPsecAnalyze ON OFF S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show_usable Display...

Page 681: ...lgorithm with fastest mode of Load Balance Most of traffics will be led to the channel with the fastest connection name Specify the name of the VPN trunk bind usage BindIndex Display detailed informat...

Page 682: ...P UDP Frag ON means to bind the fragmented packet OFF means not to care It is the default setting SetGre show Dialout_Index Display the GRE over IPSec settings in specified LAN to LAN profile Dialout_...

Page 683: ...254 Binding Dest Port 1 65535 Binding Fragmented NO Binding Protocol ANY Protocol T Te el ln ne et t C Co om mm ma an nd d v vp pn n N Ne et tB Bi io os s This command allows users to enable or disabl...

Page 684: ...to specify the connection type and value of MSS connection type 1 4 represent various type 1 PPTP 2 L2TP 3 IPSec 4 L2TP over IPSec TCP maximum segment size range Each type has different segment size...

Page 685: ...Block E Ex xa am mp pl le e vpn Multicast set L2l 1 Pass Lan to Lan Profile Index 1 Status Block Pass PASS T Te el ln ne et t C Co om mm ma an nd d v vp pn n p pa as ss s2 2n nd d This command allows...

Page 686: ...p pt ti io on n Parameter Description i value Specify the index number of VPN profile E 0 1 Enable or disable the IPsec with the same subnet 1 enable 0 disable e value Translate specified LAN to virtu...

Page 687: ...value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description value It means the number of MTU for PPP The available range is from 1000 to 1500 For Static IP DHCP the maximum numbe...

Page 688: ...r disable the function of WAN forwarding The packets are allowed to be transmitted between different WANs wan forward on wan forward off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter...

Page 689: ...ddr wan detect wan1 ttl 1 255 wan detect status S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on It means to enable ping detection The IP address of the target shall be se...

Page 690: ...AN1 on WAN2 on WAN3 on WAN4 on WAN5 on WAN6 on WAN7 on T Te el ln ne et t C Co om mm ma an nd d w wa an n m mv vl la an n This command allows you to configure multi VLAN for WAN and LAN It supports pu...

Page 691: ...an mvlan 7 on p2 p3 p4 PVC Bridge p1 p2 p3 p4 p5 p6 Service Type Tag Priority Keep Tag 7 ON 0 0 1 1 0 0 Normal 0 OFF 0 OFF T Te el ln ne et t C Co om mm ma an nd d w wa an n m mu ul lt ti if fn no o T...

Page 692: ...d on packets The range of the value is between 32 4095 enable disable It means to enable or disable the WAN interface for VLAN pri value It means to set priority of data transmission via 802 1q The ra...

Page 693: ...none for WAN budget psday th day in periodic It is used only when mode is set with periodic Specify the order of today in the cycle E g wan budget wan 5 psday It means today is the 5th day in the bill...

Page 694: ...the suitable MTU size of the WAN interface S Sy yn nt ta ax x wan detect_mtu6 w number i IPv6 address s base_size S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description w number Sp...

Page 695: ...mm ma an nd d w wl l a ac cl l This command allows the user to configure wireless access control settings S Sy yn nt ta ax x wl acl enable ssid1 ssid2 ssid3 ssid4 wl acl disable ssid1 ssid2 ssid3 ssid...

Page 696: ...olate Set Done wl acl show Enable Mac Address Filter ssid1 dis ssid2 dis ssid3 dis ssid4 dis MAC Address Filter Index Attribute MAC Address Associated SSIDs 0 00 50 70 ff 12 70 ssid1 ssid2 ssid3 ssid4...

Page 697: ...the SSID if required ssid_num Type 1 2 3 or 4 to specify SSID1 SSID2 SSID3 or SSID4 ssid_name Give a name for the specified SSID hidden_ssid Type 0 to hide the SSID or 1 to display the SSID Security S...

Page 698: ...security 1 wpa1x Configured Wlan Security Setting SSID1 Mode wpa1x Wireless card must be reset for configurations to take effect Telnet Command wl restart T Te el ln ne et t C Co om mm ma an nd d w wl...

Page 699: ...allows users to activate the function of VPN isolation wl iso_vpn ssid En S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description ssid It means the number of SSID 1 SSID1 2 SSID2 3...

Page 700: ...the WMM for each SSID 0 disable 1 enable Apsd value It means to enable disable the ASPD automatic power save delivery function 0 disable 1 enable show It displays current status of WMM QueIdx It mean...

Page 701: ...wl ht msdu value wl ht txpower value wl ht antenna value wl ht greenfield value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description wl ht bw value The value you can type is 0 f...

Page 702: ...o specify connection mode for WDS value Available settings are d Disable b Bridge r Repeapter security value It means to configure security mode with encrypted keys for WDS mode Available settings are...

Page 703: ...hello 1 Note Please restart router after you set the parameters wl wds status T Te el ln ne et t C Co om mm ma an nd d w wl l b bt tn nc ct tl l This command allows you to enable or disable wireless...

Page 704: ...nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description MAC Address It means the MAC address of the host IP address It means the LAN IP address of the host If you want to wake up LAN host b...

Page 705: ...e user name that you want to get clear corresponding record all all of the records will be removed d Disable User management function e Enable User management function l all l userl l ip Show online u...

Page 706: ...ans to set time quota 1 65535 of the user profile e g q 200 r Param It means to set data quota 1 65535 of the user profile e g r 1000 s Param It means to set schedule index sch_idex could be 1 to 15 t...

Page 707: ...factory default configuration E Ex xa am mp pl le e user account admin d 0 q 200 r 1000 t 1 w MB Disable the admin data quota limited T Te el ln ne et t C Co om mm ma an nd d a ap pp pq qo os s The co...

Page 708: ...am mp pl le e appqos enable 1 APP QoS set to Enable appqos traceable e 68 2 TELNET ENABLED QoS Class 2 T Te el ln ne et t C Co om mm ma an nd d n na an nd d b ba ad d n na an nd d u us sa ag ge e NAN...

Reviews:

No comments

Related manuals for Vigor 3220 SERIES

Brand: Watchguard Pages: 20

Brand: PaloAlto Networks Pages: 2

Brand: Authonet Pages: 51

ZyWALL 110 Series

Brand: ZyXEL Communications Pages: 562

Brand: Watchguard Pages: 18

Brand: PaloAlto Networks Pages: 2

NetDefend DFL-CP310

Brand: D-Link Pages: 455

NetDefend SOHO DFL-160

Brand: D-Link Pages: 356

DFL-1600 - Security Appliance

Brand: D-Link Pages: 552

NetScreen-5GT Wireless

Brand: Juniper Pages: 4

Brand: Juniper Pages: 10

Brand: Juniper Pages: 36

NetScreen 5GT Wireless

Brand: Juniper Pages: 40

Brand: Juniper Pages: 40

Brand: Juniper Pages: 154

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands