manualshive.com logo in svg

Draytek VigorBX 2000 Series, User Manual

Introducing the Draytek VigorBX 2000 Series - a powerful networking solution for homes and small businesses. For a hassle-free setup, we offer a comprehensive Quick Start Manual on our website. Download this essential manual for free at manualshive.com, and get ready to unleash the full potential of your Draytek VigorBX 2000 Series.

Share
Download
background image

 

VigorBX 2000 Series User’s Guide 

405

means, when 2000 packets per second received, they will 
be regarded as “attack event” and the session will be 

paused for 10 seconds. 

Enable ICMP flood defense 

Check the box to activate the ICMP flood defense function. 

Similar to the UDP flood defense function, once if the 
Threshold of ICMP packets from Internet has exceeded the 

defined value, the router will discard the ICMP echo 
requests coming from the Internet.   
The default setting for threshold and timeout are 250 
packets per second and 10 seconds, respectively. That 

means, when 250 packets per second received, they will be 
regarded as “attack event” and the session will be paused 

for 10 seconds. 

Enable PortScan detection 

Port Scan attacks the Vigor router by sending lots of packets 
to many ports in an attempt to find ignorant services would 

respond. Check the box to activate the Port Scan 
detection. Whenever detecting this malicious exploration 

behavior by monitoring the port-scanning Threshold rate, 
the Vigor router will send out a warning.   
By default, the Vigor router sets the threshold as 2000 
packets per second. That means, when 2000 packets per 

second received, they will be regarded as “attack event”. 

Block IP options 

Check the box to activate the Block IP options function. 
The Vigor router will ignore any IP packets with IP option 
field in the datagram header. The reason for limitation is IP 

option appears to be a vulnerability of the security for the 
LAN because it will carry significant information, such as 

security, TCC (closed user group) parameters, a series of 
Internet addresses, routing messages...etc. An 

eavesdropper outside might learn the details of your 
private networks. 

Block Land 

Check the box to enforce the Vigor router to defense the 

Land attacks. The Land attack combines the SYN attack 
technology with IP spoofing. A Land attack occurs when an 

attacker sends spoofed SYN packets with the identical 
source and destination addresses, as well as the port 

number to victims. 

Block Smurf 

Check the box to activate the Block Smurf function. The 
Vigor router will ignore any broadcasting ICMP echo 

request. 

Block trace route 

Check the box to enforce the Vigor router not to forward 
any trace route packets. 

Block SYN fragment 

Check the box to activate the Block SYN fragment function. 

The Vigor router will drop any packets having SYN flag and 
more fragment bit set. 

Block Fraggle Attack 

Check the box to activate the Block fraggle Attack function. 
Any broadcast UDP packets received from the Internet is 

blocked. 
Activating the DoS/DDoS defense functionality might block 

some legal packets. For example, when you activate the 
fraggle attack defense, all broadcast UDP packets coming 

from the Internet are blocked. Therefore, the RIP packets 
from the Internet might be dropped. 

Block TCP flag scan 

Check the box to activate the Block TCP flag scan function. 

Any TCP packet with anomaly flag setting is dropped. Those 

Summary of Contents for VigorBX 2000 Series

Page 1: ......

Page 2: ...VigorBX 2000 Series User s Guide ii VigorBX 2000 Series IPPBX Firewall Router User s Guide Version 1 0 Firmware Version V3 8 1 1 For future update please visit DrayTek web site Date December 24 2015 ...

Page 3: ...e warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty work...

Page 4: ...ice pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference wil...

Page 5: ...ess 61 II 1 2 1 Details Page for PPPoE in WAN1 Physical Mode VDSL2 63 II 1 2 2 Details Page for MPoA Static or Dynamic IP in WAN1 Physical Mode VDSL2 66 II 1 2 3 Details Page for PPPoE PPPoA in WAN1 Physical Mode ADSL 69 II 1 2 4 Details Page for MPoA Static or Dynamic IP in WAN1 Physical Mode ADSL 73 II 1 2 5 Details Page for PPPoE in WAN2 76 II 1 2 6 Details Page for Static or Dynamic IP in WAN2...

Page 6: ...2 2 VLAN 132 II 2 3 Bind IP to MAC 137 II 2 4 LAN Port Mirror 139 II 2 5 Wired 802 1x 140 II 2 6 Web Portal Setup 141 Application Notes 144 A 1 How to Configure DHCP Options 144 II 3 NAT 147 Web User Interface 148 II 3 1 Port Redirection 148 II 3 2 DMZ Host 152 II 3 3 Open Ports 155 II 3 4 Port Triggering 157 II 4 Applications 160 Web User Interface 162 II 4 1 Dynamic DNS 162 II 4 2 LAN DNS DNS Fo...

Page 7: ...23 III 1 5 WPS 224 III 1 6 WDS 227 III 1 7 Advanced Setting 230 III 1 8 AP Discovery 233 III 1 10 Station List 234 III 1 11 Station Control 235 Part IV Phone System 237 IV 1 VoIP and IPPBX 238 Web User Interface 241 VI 1 1 IPPBX Wizard 241 VI 1 2 Extension for IP PBX 246 VI 1 3 Trunks for IP PBX 250 VI 1 3 1 SIP Trunk 250 VI 1 3 2 PSTN Trunk 256 VI 1 3 3 Custom Trunk 258 VI 1 4 DialPlan for IP PBX...

Page 8: ...re Hunt Group in VigorBX 2000 Series 312 A 8 How to Configure and Use the Queuing Function in Hunt Group 314 Part V VPN 319 V 1 VPN and Remote Access 320 Web User Interface 322 V 1 1 VPN Client Wizard 322 V 1 2 VPN Server Wizard 328 V 1 3 Remote Access Control 332 V 1 4 PPP General Setup 333 V 1 5 IPsec General Setup 335 V 1 6 IPsec Peer Identity 336 V 1 7 Remote Dial in User 338 V 1 8 LAN to LAN ...

Page 9: ...ication Notes 428 A 1 How to Create an Account for MyVigor 428 A 2 How to Block Facebook Service Accessed by the Users via Web Content Filter URL Content Filter 436 Part VII Management 443 VII 1 System Maintenance 444 Web User Interface 445 VII 1 1 System Status 445 VII 1 2 TR 069 447 VII 1 3 Administrator Password 449 VII 1 4 User Password 451 VII 1 5 Login Page Greeting 454 VII 1 6 Configuration...

Page 10: ...roup 526 VIII 1 3 IPv6 Object 527 VIII 1 4 IPv6 Group 529 VIII 1 5 Service Type Object 530 VIII 1 6 Service Type Group 532 VIII 1 7 Keyword Object 534 VIII 1 8 Keyword Group 536 VIII 1 9 File Extension Object 537 VIII 1 10 SMS Mail Service Object 539 VIII 1 11 Notification Object 544 Application Notes 546 A 1 How to Send a Notification to Specified Phone Number via SMS Service in WAN Disconnection...

Page 11: ...e Route 575 IX 1 12 Syslog Explorer 576 IX 1 13 TSPC Status 577 IX 1 14 DSL Status 578 IX 1 15 DoS Flood Table 578 IX 2 Checking If the Hardware Status Is OK or Not 580 IX 3 Checking If the Network Connection Settings on Your Computer Is OK or Not 581 IX 4 Pinging the Router from Your Computer 584 IX 5 Checking If the ISP Settings are OK or Not 586 IX 6 Problems for 3G 4G Network Connection 587 IX...

Page 12: ......

Page 13: ... al ll la at ti io on n This is a generic International version of the user guide Specification compatibility and features vary by region For specific user guides suitable for your region or product please contact local distributor ...

Page 14: ...uter increases the performance of VPN greatly and offers several protocols such as IPSec PPTP L2TP for VPN tunnels The object based design used in SPI Stateful Packet Inspection firewall allows users to set firewall policy with ease CSM Content Security Management provides users control and management in IM Instant Messenger and P2P Peer to Peer more efficiency than before By the way DoS DDoS prev...

Page 15: ...ink DSL Blinking Slowly The DSL connection is ready Quickly The connection is training On The VPN tunnel is active Off VPN services are disabled VPN Blinking Traffic is passing through VPN tunnel On Wireless access point with bandwidth of 2 4GHz 5GHz is ready 2 4G 5G Blinking It will blink slowly while wireless traffic goes through ACT and WLAN LEDs blink quickly and simultaneously when WPS is wor...

Page 16: ...ressed and released the button twice 2 4G Off and 5G Off pressed and released the button three times When WPS function is enabled by web user interface press this button for more than 2 seconds to wait for client s device making network connection through WPS Factory Reset Restore the default settings Usage Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When...

Page 17: ...to one of the LAN ports of the router and the other end of the cable RJ 45 into the Ethernet port on your computer 3 Connect the telephone sets with phone lines for using VoIP function For the model without phone ports skip this step 4 Connect one end of the power adapter to the router s power port on the rear panel and the other side into a wall outlet 5 Power on the device by pressing down the p...

Page 18: ... PCs connected this router can print documents via the router The example provided here is made based on Windows 7 For other Windows system please visit www DrayTek com Before using it please follow the steps below to configure settings for connected computers or wireless clients 1 Connect the printer with the router through USB parallel port 2 Open All Programs Getting Started Devices and Printer...

Page 19: ... User s Guide 7 4 A dialog will appear Click Add a local printer and click Next 5 In this dialog choose Create a new port In the field of Type of port use the drop down list to select Standard TCP IP Port Then click Next ...

Page 20: ...es User s Guide 8 6 In the following dialog type 192 168 1 1 router s LAN IP in the field of Hostname or IP Address and type 192 168 1 1 as the Port name Then click Next 7 Click Standard and choose Generic Network Card ...

Page 21: ...w your system will ask you to choose right name of the printer that you installed onto the router Such step can make correct driver loaded onto your PC When you finish the selection click Next 9 Type a name for the chosen printer Click Next ...

Page 22: ...10 10 Choose Do not share this printer and click Next 11 Then in the following dialog click Finish 12 The new printer has been added and displayed under Printers and Faxes Click the new printer icon and click Printer server properties ...

Page 23: ...13 Edit the property of the new printer you have added by clicking Configure Port 14 Select LPR on Protocol type p1 number 1 as Queue Name Then click OK Next please refer to the red rectangle for choosing the correct protocol and LPR name ...

Page 24: ...er additional functions are not supported If you do not know whether your printer is supported or not please visit www draytek com to find out the printer list Open Support FAQ Application Notes find out the link of USB Printer Server and click it Then click the What types of printers are compatible with Vigor router link Note 2 Vigor router supports printing request from computers via LAN ports b...

Page 25: ... the same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of the guide 2 Open a web browser on your PC and type http 192 168 1 1 The following window will be open to ask for username and password 3 Please type admin admin as the Username Password and click Login Info If you fail to access to the web config...

Page 26: ...ifferent slightly in accordance with the type of the router you have 5 The web page can be logged out according to the chosen condition The default setting is Auto Logout which means the web configuration system will logout after 5 minutes without any operation Change the setting for your necessity ...

Page 27: ...type admin admin as Username Password for accessing into the web user interface with admin mode 3 Go to System Maintenance page and choose Administrator Password 4 Enter the login password the default is admin on the field of Old Password Type New Password and Confirm Password Then click OK to continue Info The maximum length of the password you can set is 23 characters 5 Now the password has been...

Page 28: ...VigorBX 2000 Series User s Guide 16 Info Even the password is changed the Username for logging onto the web user interface is still admin ...

Page 29: ... main page A web page with default selections will be displayed on the screen Refer to the following figure I I 5 5 1 1 V Vi ir rt tu ua al l P Pa an ne el l On the top of the Dashboard a virtual panel simulating the physical panel of the router displays the physical interface connection It will be refreshed every five seconds When you move and click the mouse cursor on LEDs except ACT USB ports V...

Page 30: ...n about the LED display refer to I 1 1 Indicators and Connectors I I 5 5 2 2 N Na am me e w wi it th h a a L Li in nk k A name with a link e g Router Name Current Time SIP PSTN and etc below means you can click it to open the configuration page for modification ...

Page 31: ... Dashboard You will find a group of common used functions grouped under Quick Access The function links of System Status Dynamic DDNS TR 069 User Management IM P2P Block Schedule Syslog Mail Alert LDAP RADIUS Firewall Object Setting and Data Flow Monitor are displayed here Move your mouse cursor on any one of the links and click on it The corresponding setting page will be open immediately In addi...

Page 32: ...eless clients displayed with Host ID IP Address and MAC address indicates that the traffic would be transmitted through LAN port s and then the WAN port The purpose is to perform the traffic monitor of the host s I I 5 5 4 4 G GU UI I M Ma ap p All the functions the router supports are listed with table clearly in this page Users can click the function link to access into the setting page of the f...

Page 33: ... telnet command via DOS prompt The changes made by using web console have the same effects as modified through web user interface The functions settings modified under Web Console also can be reviewed on the web user interface Click the Web Console icon on the top of the main screen to open the following screen ...

Page 34: ...the Config Backup icon It allows you to backup current settings as a file Such configuration file can be restored by using System Maintenance Configuration Backup Simply click the icon on the top of the main screen and a pop up dialog will appear Click Save to store the setting I I 5 5 7 7 L Lo og go ou ut t Click this icon to exit the web user interface ...

Page 35: ... ne e S St ta at tu us s I I 5 5 8 8 1 1 P Ph hy ys si ic ca al l C Co on nn ne ec ct ti io on n Such page displays the physical connection status such as LAN connection status WAN connection status ADSL information and so on Physical Connection for IPv4 Protocol ...

Page 36: ...otal received packets at the LAN interface WAN1 WAN2 WAN3 WAN4 Status Enable Yes in red means such interface is available but not enabled Yes in green means such interface is enabled Line Displays the physical connection VDSL ADSL Ethernet or USB of this interface Name Display the name of the router Mode Displays the type of WAN connection e g PPPoE Up Time Displays the total uptime of the interfa...

Page 37: ...tatus Enable No in red means such interface is available but not enabled Yes in green means such interface is enabled No in red means such interface is not available Mode Displays the type of WAN connection e g TSPC Up Time Displays the total uptime of the interface IP Displays the IP address of the WAN interface Gateway IP Displays the IP address of the default gateway Info The words in green mea...

Page 38: ...in password After typing the password please click Next On the next page as shown below please select the WAN interface that you use If DSL interface is used please choose WAN1 if Ethernet interface is used please choose WAN2 if 3G USB modem is used please choose WAN3 or WAN4 Then click Next for next step WAN1 WAN2 WAN3 and WAN4 will bring up different configuration page Refer to the following sec...

Page 39: ...number to all packets on the WAN while sending them out Please type the tag value and specify the priority for the packets sending by WAN1 Tag value Type the value as the VLAN ID number The range is from 0 to 4095 Priority Type the packet priority number for such VLAN The range is from 0 to 7 Disable Disable the function of VLAN with tag You have to select the appropriate Internet access type acco...

Page 40: ...DSL Only Such field is provided for ADSL only You have to choose encapsulation and type the values for VPI and VCI Or click Auto detect to find out the best values Fixed IP Click Yes to enable Fixed IP feature IP Address Type the IP address if Fixed IP is enabled Subnet Mask Type the subnet mask Default Gateway Type the IP address as the default gateway Primary DNS Type in the primary IP address f...

Page 41: ...vice Name Optional Enter the description of the specific network service Username Assign a specific valid user name provided by the ISP Note The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you can set is 62 characters Confirm Password Retype the password Back Click it to return to previous...

Page 42: ...er finished the above settings click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 43: ...u to choose for WAN1 interface Choose MPoA Static or Dynamic IP as the protocol For ADSL Only Such field is provided for ADSL only You have to choose encapsulation and type the values for VPI and VCI Or click Auto detect to find out the best values Fixed IP Click Yes to enable Fixed IP feature IP Address Type the IP address if Fixed IP is enabled Subnet Mask Type the subnet mask Default Gateway Ty...

Page 44: ...to the next setting page Cancel Click it to give up the quick start wizard 2 Please type in the IP address mask gateway information originally provided by your ISP Then click Next for viewing summary of such connection 3 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 4 Now you can enjoy surfing on the Internet ...

Page 45: ...f VLAN with tag The router will add specific VLAN number to all packets on the WAN while sending them out Please type the tag value and specify the priority for the packets sending by WAN2 Disable Disable the function of VLAN with tag Tag value Type the value as the VLAN ID number The range is form 0 to 4095 Priority Type the packet priority number for such VLAN The range is from 0 to 7 On the nex...

Page 46: ...t to continue Available settings are explained as follows Item Description Service Name Optional Enter the description of the specific network service Username Assign a specific valid user name provided by the ISP Note The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you can set is 62 chara...

Page 47: ...tting page Cancel Click it to give up the quick start wizard 3 Please manually enter the Username Password provided by your ISP Click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 48: ...pe 2 Click PPTP L2TP as the Internet Access Type Then click Next to continue Available settings are explained as follows Item Description User Name Assign a specific valid user name provided by the ISP Note The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you can set is 62 characters ...

Page 49: ...P address for the router Second DNS Type in secondary IP address for necessity in the future PPTP Server L2TP Server Type the IP address of the server Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 Please type in the IP address mask gateway information originally provided by your ISP Then click Ne...

Page 50: ...t Access type Simply click Next to continue Available settings are explained as follows Item Description WAN IP Type the IP address Subnet Mask Type the subnet mask Gateway Type the IP address of gateway Primary DNS Type in the primary IP address for the router Secondary DNS Type in secondary IP address for necessity in the future Back Click it to return to previous setting page Next Click it to g...

Page 51: ...rt wizard 3 Please type in the IP address information originally provided by your ISP Then click Next for next step 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 52: ...y click Next to continue Available settings are explained as follows Item Description Host Name Type the name of the host Note The maximum length of the host name you can set is 39 characters MAC Some Cable service providers specify a specific MAC address for access authentication In such cases you need to enter the MAC address Back Click it to return to previous setting page Next Click it to get ...

Page 53: ... quick start wizard 3 After finished the settings above click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 54: ...ined as follows Item Description Internet Access Choose one of the selections as the protocol of accessing the internet 3G 4G USB Modem PPP mode SIM Pin code Type PIN code of the SIM card that will be used to access Internet The maximum length of the pin code you can set is 15 characters Modem Initial String Such value is used to initialize USB modem Please use the default value If you have any qu...

Page 55: ... required by some ISPs Type the name and click Apply Info Such mode 4G USB Modem DHCP mode is supported by WAN3 only 3 Then click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 56: ...a tool which allows you to use trial version of WCF directly without accessing into the server MyVigor located on http myvigor draytek com For using Web Content Filter Profile please refer to later section Web Content Filter Profile for detailed information Now follow the steps listed below to activate WCF feature for your router Info Such function is available only for Admin Mode 1 Open Wizards S...

Page 57: ...s prepared Commtouch GlobalView WCF package from retailing outlets In addition Commtouch is merged by Cyren and GlobalView services will be continued to deliver powerful cloud based information security solutions Refer to http www prnewswire com news releases commtouch is now cyren 23902 5151 html BPjM is WCF for German Speaking users The fragfINN is whitelist for German Speaking users The BPjM is...

Page 58: ...ill be activated and applied as the default rule configured in Firewall General Setup 6 Now the web page will display the service that you have activated according to your selection s The valid time for the free trial of these services is one month When all the trial editions for various web content filters had been enabled the configuration page of Service Activation Wizard will be invalid as sho...

Page 59: ... to register your Vigor router to MyVigor website for getting more service Please follow the steps below to finish the router registration 1 Please login the web configuration interface of Vigor router by typing admin admin as User Name Password 2 Click Support Area Production Registration from the home page 3 A Login page will be shown on the screen Please type the account and password that you c...

Page 60: ...o section Creating an Account for MyVigor to create your own one Please read the articles on the Agreement regarding user rights carefully while creating a user account 4 The following page will be displayed after you logging in MyVigor From this page please click Add or Product Registration ...

Page 61: ...m the popup calendar it appears when you click on the box of Registration Date After adding the basic information for the router please click Submit 6 When the following page appears your router information has been added to the database 7 After clicking OK you will see the following page Your router has been registered to myvigor website successfully ...

Page 62: ...VigorBX 2000 Series User s Guide 50 This page is left blank ...

Page 63: ...s regulated and ruled by router The design of network structure is related to what type of public IP addresses coming from your ISP When the data flow passing through the Network Address Translation NAT function of the router will dedicate to translate public private addresses and the packets will be delivered to the correct host PC in the local area network DNS LAN DNS IGMP LDAP UpnP IGMP WOL RAD...

Page 64: ...ivate addresses and the packets will be delivered to the correct host PC in the local area network Thus all the host PCs can share a common Internet connection G Ge et t Y Yo ou ur r P Pu ub bl li ic c I IP P A Ad dd dr re es ss s f fr ro om m I IS SP P In ADSL deployment the PPP Point to Point style authentication and authorization is required for bridging customer premises equipment CPE Point to...

Page 65: ...2 still can be used and Load Balance can be done in the router Besides 3G 4G USB Modem in WAN3 WAN4 also can be used as backup device Therefore when WAN1 and WAN2 are not available the router will use 3 5G for supporting automatically The supported 3G 4G USB Modem will be listed on DrayTek web site Please visit www draytek com for more detailed information ...

Page 66: ...ration Please configure WAN1 WAN2 WAN3 and WAN4 settings This webpage allows you to set general setup for WAN1 WAN2 WAN3 and WAN4 respectively In default WAN2 is disabled If you want to enable it simply click the WAN2 link and select Yes in the field of Enable Available settings are explained as follows Item Description Load Balance Mode This option is available for multiple WAN for getting enough...

Page 67: ...erefore this page allows you to configure settings for ADSL and VDSL2 at one time That is it is not necessary for you to configure different profile settings for ADSL and VDSL2 respectively Available settings are explained as follows Item Description Enable Choose Yes to invoke the settings for this WAN interface Choose No to disable the settings for this WAN interface Display Name Type the descri...

Page 68: ...ith tag Tag value Type the value as the VLAN ID number The range is form 0 to 4095 Priority Type the packet priority number for such VLAN The range is from 0 to 7 VLAN Tag insertion VDSL2 The settings configured in this field are available for VDSL2 Enable Enable the function of VLAN with tag The router will add specific VLAN number to all packets on the WAN while sending them out Please type the ...

Page 69: ...sconnect After finished the above settings click OK to save the settings I II I 1 1 1 1 2 2 W WA AN N2 2 E Et th he er rn ne et t WAN2 is fixed with physical mode of Ethernet Available settings are explained as follows Item Description Enable Choose Yes to invoke the settings for this WAN interface Choose No to disable the settings for this WAN interface Display Name Type the description for such ...

Page 70: ... for such VLAN The range is from 0 to 7 Active Mode Choose Always On to make the WAN1 connection being activated always Load Balance Check this box to enable auto load balance function for such WAN interface When the data traffic is large the WAN interface with the function enabled will balance the data transmission automatically among all of the WAN interfaces in connection status Active When If ...

Page 71: ...n for such WAN interface Physical Mode Display the physical mode of such WAN interface Line Speed If your choose According to Line Speed as the Load Balance Mode please type the line speed for downloading and uploading for such WAN interface The unit is kbps Active Mode Choose Always On to make the WAN1 connection being activated always Load Balance Check this box to enable auto load balance funct...

Page 72: ... which WAN will be the Backup interface Any of the selected WAN disconnect Such backup WAN will be activated when any master WAN interface disconnects All of the selected WAN disconnect Such backup WAN will be activated only when all master WAN interfaces disconnect After finished the above settings click OK to save the settings ...

Page 73: ...ess Due to different Physical Mode for WAN interface the Access Mode for these connections also varies Refer to the following figures Available settings are explained as follows Item Description Index Display the WAN interface Display Name It shows the name of the WAN1 WAN2 WAN3 WAN4 that entered in general setup Physical Mode It shows the physical connection for WAN1 ADSL VDSL2 WAN2 Ethernet WAN3...

Page 74: ...service is active on this WAN interface the color of IPv6 will become green Advanced This button allows you to configure DHCP client options DHCP packets can be processed by adding option number and data information when such function is enabled and configured Enable Disable Enable Disable the function of DHCP Option Each DHCP option is composed by an option number with data For example Option num...

Page 75: ...d and all the settings that you adjusted in this page will be invalid Modem Setting for ADSL only It is not necessary to configure settings in these fields for modem settings are prepared for ADSL only PPPoE Pass through The router offers PPPoE dial up connection Besides you also can establish the PPPoE connection directly from local clients to your ISP via the Vigor router When PPPoA protocol is ...

Page 76: ... the following dialog Path MTU to Type the IP address as the specific transmit path MTU reduce size It determines the decreasing size of MTU value For example the number specified in this field is 8 The maximum MTU size is 1500 After clicking the detect button the system will calculate and get the suitable MTU value such as 1500 1492 1484 and etc automatically Detect Click it to detect a suitable ...

Page 77: ...ltiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using Fixed IP Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address Default MAC Address You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC A...

Page 78: ... Item Description Enable Disable Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid Modem Setting for ADSL only It is not necessary to configure settings in these fields for modem settings are prepared for ADSL only WAN Connection Detection Such function allows you to verify whether network...

Page 79: ...viated as RIP RFC1058 specifying how routers exchange routing tables information Click Enable RIP for activating this function Bridge Mode If you choose Bridged IP as the protocol you can check this box to invoke the function The router will work as a bridge modem WAN IP Network Settings This group allows you to obtain an IP address automatically and allows you type in IP address manually WAN IP A...

Page 80: ...gth of the password you can set is 62 characters Specify an IP address Click this radio button to specify some data IP Address Type in the private IP address Subnet Mask Type in the subnet mask Gateway IP Address Type in gateway IP address Default MAC Address Type in MAC address for the router You can use Default MAC Address or specify another MAC address for your necessity Specify a MAC Address T...

Page 81: ...quired by your ISP These settings configured here are specified for ADSL only Multi PVC channel The selections displayed here are determined by the page of Internet Access Multi PVC VLAN Select M PVCs Channel means no selection will be chosen VPI Type in the value provided by ISP VCI Type in the value provided by ISP Encapsulating Type Drop down the list to choose the type provided by ISP Protocol...

Page 82: ... router will behave like a modem which only serves the PPPoE client on the LAN That s the router will offer PPPoA dial up connection WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection Ping IP If you choose Ping Detect as detection m...

Page 83: ... is checked the system will ask you to type another group of account and password additionally PPP Authentication Select PAP only or PAP or CHAP for PPP Idle Timeout Set the timeout for breaking down the Internet after passing through the time without any action IP Address From ISP Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provi...

Page 84: ...outer Specify a MAC Address Type the MAC address for the router manually Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Applications Schedule web page and you can use the number that you have set in that web page After finishing all the settings here please click OK to activate them ...

Page 85: ...AN1 page The following web page will appear Available settings are explained as follows Item Description Enable Disable Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid Modem Settings for ADSL only Set up the DSL parameters required by your ISP These settings configured here are specified...

Page 86: ...ter clicking the detect button the system will calculate and get the suitable MTU value such as 1500 1492 1484 and etc automatically Detect Click it to detect a suitable MTU value Accept After clicking it the detected value will be displayed in the field of MTU RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables information Click E...

Page 87: ...e a password The maximum length of the password you can set is 62 characters Specify an IP address Click this radio button to specify some data IP Address Type in the private IP address Subnet Mask Type in the subnet mask Gateway IP Address Type in gateway IP address Default MAC Address Type in MAC address for the router You can use Default MAC Address or specify another MAC address for your neces...

Page 88: ...description of the specific network service Username Type in the username provided by ISP in this field The maximum length of the user name you can set is 63 characters Password Type in the password provided by ISP in this field The maximum length of the password you can set is 62 characters Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules ...

Page 89: ... passing through the time without any action IP Address Assignment Method IPCP Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function WA...

Page 90: ...shown Available settings are explained as follows Item Description Enable Disable Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid Keep WAN Connection Normally this function is designed for Dynamic IP environments because some ISPs will drop connections if there is no traffic within certa...

Page 91: ... it the detected value will be displayed in the field of MTU RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables information Click Enable RIP for activating this function WAN IP Network Settings This group allows you to obtain an IP address automatically and allows you type in IP address manually WAN IP Alias If you have multiple p...

Page 92: ...atic IP mode If necessary type in secondary IP address for necessity in the future After finishing all the settings here please click OK to activate them I II I 1 1 2 2 7 7 D De et ta ai il ls s P Pa ag ge e f fo or r P PP PT TP P L L2 2T TP P i in n W WA AN N2 2 To use PPTP L2TP as the accessing protocol of the internet please click the PPTP L2TP tab The following web page will be shown Available...

Page 93: ...tton the system will calculate and get the suitable MTU value such as 1500 1492 1484 and etc automatically Detect Click it to detect a suitable MTU value Accept After clicking it the detected value will be displayed in the field of MTU PPP Setup PPP Authentication Select PAP only or PAP or CHAP for PPP Idle Timeout Set the timeout for breaking down the Internet after passing through the time witho...

Page 94: ...obtain the IP address automatically Specify an IP address Click this radio button to specify some data IP Address Type the IP address Subnet Mask Type the subnet mask After finishing all the settings here please click OK to activate them ...

Page 95: ...ned as follows Item Description Modem Support List It lists all of the modems supported by such router 3G 4G USB Modem PPP mode Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid SIM PIN code Type PIN code of the SIM card that will be used to access Internet The maximum length of the PIN co...

Page 96: ...e optional The maximum length of the name you can set is 63 characters PPP Password Type the PPP password optional The maximum length of the password you can set is 62 characters PPP Authentication Select PAP only or PAP or CHAP for PPP Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page a...

Page 97: ...y such router 3G 4G USB Modem DHCP mode Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid SIM PIN code Type PIN code of the SIM card that will be used to access Internet The maximum length of the PIN code you can set is 19 characters Network Mode Force Vigor router to connect Internet with...

Page 98: ...ct a suitable MTU value Accept After clicking it the detected value will be displayed in the field of MTU WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection Ping IP If you choose Ping Detect as detection mode you have to type IP add...

Page 99: ...s of the generated prefix No need to type any other information for PPP mode Available settings are explained as follows Item Description WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Always On means no detection will be executed The network ...

Page 100: ...IPv6 network easily Please make sure your IPv4 WAN connection is OK and apply one free account from hexago http gogonet gogo6 com page freenet6 account before you try to use TSPC for network connection TSPC would connect to tunnel broker and requests a tunnel according to the specifications inside the configuration file It gets a public IPv6 IP address and an IPv6 prefix from the tunnel broker and...

Page 101: ...tion Tunnel Broker Type the address for the tunnel broker IP FQDN or an optional port number WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Always On means no detection will be executed The network connection will be on always Ping IP Hostname...

Page 102: ...the name you can set is 19 characters Password Type the password assigned with the user name The maximum length of the password you can set is 19 characters Confirm Password Type the password again to make the confirmation Tunnel Broker It means a server of AICCU The server can provide IPv6 tunnels to sites or end users over IPv4 Type the address for the tunnel broker IP FQDN or an optional port n...

Page 103: ...Detect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live If you choose Ping Detect as detection mode you have to type TTL value After finished the above settings click OK to save the settings ...

Page 104: ...rough NS Detect or Ping Detect Mode Choose Always On Ping Detect or NS Detect for the system to execute for WAN detection With NS Detect mode the system will check if network connection is established or not like IPv4 ARP Detect Always On means no detection will be executed The network connection will be on always Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP add...

Page 105: ...v6 Address Table Display current interface IPv6 address Static IPv6 Gateway Configuration IPv6 Gateway Address Type your IPv6 gateway address here WAN Connection Detection Such function allows you to verify whether network connection is alive or not through NS Detect or Ping Detect Mode Choose Always On Ping Detect or NS Detect for the system to execute for WAN detection With NS Detect mode the sy...

Page 106: ... to type TTL value Bridge Mode Enable Bridge Mode Check the box to enable Bridge mode Bridge Subnet Choose LAN interface to build a bridge connection between such WAN interface and the selected LAN After finished the above settings click OK to save the settings ...

Page 107: ...server 6in4 IPv6 Address Type the static IPv6 address for IPv4 tunnel with the value for prefix length LAN Routed Prefix Type the static IPv6 address for LAN routing with the value for prefix length Tunnel TTL Type the number for the data lifetime in tunnel WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose Always ...

Page 108: ...rd for WAN interface Available settings are explained as follows Item Description 6rd Mode Auto 6rd Retrieve 6rd prefix automatically from 6rd service provider The IPv4 WAN must be set as DHCP Static 6rd Set 6rd options manually IPv4 Border Relay Type the IPv4 addresses of the 6rd Border Relay for a given 6rd domain IPv4 Mask Length Type a number of high order bits that are identical across all CE...

Page 109: ...e Always On or Ping Detect for the system to execute for WAN detection Always On means no detection will be executed The network connection will be on always Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live If you choose Ping Detect as detection mode you have to type TTL value After finished the above settings click...

Page 110: ...y the Internet Access web user interface and can not be configured here Channels 5 10 are configurable Enable Display whether the settings in this channel are enabled Yes or not No WAN Type Displays the physical medium that the channel will use VPI VCI Display the value for VPI and VCI VLAN Tag Displays the VLAN tag value that will be used for the packets traveling on this channel Port based Bridg...

Page 111: ...he channel shall use here General Settings VPI Type in the value provided by your ISP VCI Type in the value provided by your ISP Protocol Select a proper protocol for this channel Encapsulation Choose a proper type for this channel The types will be different according to the protocol setting that you choose Add VLAN Header Check the box to enable the following two options VLAN Tag Type the value ...

Page 112: ...oup the physical ports by checking the corresponding check box es for applying the bridge connection After finished the above settings click OK to save the settings WAN links for Channel 5 6 and 7 are provided for router borne application such as TR 069 The settings must be applied and obtained from your ISP For your special request please contact with your ISP and then click WAN link of Channel 5...

Page 113: ... Channels using the same WAN type may not configure the same VLAN tag value Priority Choose the number to determine the packet priority for such VLAN The range is from 0 to 7 ATM OoS QoS Type Select a proper QoS type for the channel Type the values for PCR SCR and MBS respectively Open Port based Bridge Connection for this Channel The settings here will create a bridge between the LAN ports select...

Page 114: ...outer Name Type in the router name provided by ISP Domain Name Type in the domain name that you have assigned Specify an IP address Click this radio button to specify some data IP Address Type in the private IP address Subnet Mask Type in the subnet mask Gateway IP Address Type in gateway IP address DNS Server IP Address Type in the primary IP address for the router if you want to use Static IP mo...

Page 115: ...e contact with your ISP for detailed information Available settings are explained as follows Item Description QoS Type Select a proper QoS type for the channel according to the information that your ISP provides PCR It represents Peak Cell Rate The default setting is 0 SCR It represents Sustainable Cell Rate The value of SCR must be smaller than PCR MBS It represents Maximum Burst Size The range o...

Page 116: ...WAN3 WAN4 link to open the following web page Available settings are explained as follows Item Description Enable Check the box to enable such function Quota Limit Type the data traffic quota allowed for such WAN interface There are two unit MB and GB offered for you to specify When quota exceeded Check the box es as the condition s for the system to perform when the traffic has exceeded the budge...

Page 117: ...billing cycle Custom Monthly is default setting If long period or a short period is required use Custom The period of cycle duration is between 1 day and 60 days You can determine the cycle duration by specifying the days and the hours In addition you can specify which day of today is in a cycle Cycle duration Specify the days to reset the traffic record For example 7 means the whole cycle is 7 da...

Page 118: ... WAN budget is exhausted a lock will be displayed on the page if Shutdown WAN interface is selected Which means no data transmission will be carried out Moreover the system will send out a warning message to the administrator if Send Mail Alert to Administrator is selected Or the system will send out SMS message to the administrator if Send SMS messages to Administrator is selected ...

Page 119: ...xisting IPv4 network environment The IPv6 packets will be encapsulated with the header of IPv4 first Later the packets will be transformed and judged by IPv4 router Once the packets arrive the border between IPv4 and IPv6 the header of IPv4 on the packets will be removed Then the packets with IPv6 address will be forwarded to the destination of IPv6 network Translation Such feature is active only ...

Page 120: ...e supporting IPv6 service 2 In the following figure use the drop down list to choose a proper connection type Different connection types will bring out different configuration page Refer to the following PPP Dual Stack application IPv4 and IPv6 services can be utilized at the same time Choose PPP and type the information for PPPoE of IPv4 ...

Page 121: ...ide 109 Access into the setting page for IPv6 service it is not necessary for you to configure anything Click OK and open Online Status If the connection is successful you will get the IP address for IPv4 and IPv6 at the same time ...

Page 122: ...VigorBX 2000 Series User s Guide 110 ...

Page 123: ... information for TSPC service Info While using such mode you have to make sure the IPv4 network connection is normal In the following figure the TSPC information is obtained from http gogo6 com after applied for the service Click OK and open Online Status If the connection is successful the physical connection will be shown as follows ...

Page 124: ... Info While using such mode you have to make sure the IPv4 network connection is normal In the following figure the AICCU information is obtained from https www sixxs net main after applied for the service Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 125: ...r s Guide 113 DHCPv6 Client Choose DHCPv6 Client Click one of the identity associations and type the IAID number Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 126: ...ries User s Guide 114 Static IPv6 Choose Static IPv6 Type IPv6 address Prefix Length and Gateway Address Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 127: ...n4 Static Tunnel Choose 6in4 Static Tunnel Type remote endpoint IPv4 address 6in4 IPv6 Address LAN Routed Prefix and Tunnel TTL Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 128: ...s User s Guide 116 6rd Choose 6rd Type IPv4 Border Relay IPv4 Mask Length 6rd Prefix and 6rd Prefix Length Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 129: ...he IPv6 button for LAN 2 In the field of RADVD Configuration the default setting is Enable The client s PC will ask RADVD service for the Prefix of IPv6 address automatically and generate an Interface ID by itself to compose a full and unique IPv6 address 3 In the field of DHCPv6 Server Configuration when DHCPv6 service is enabled you can assign available IPv6 address for the client manually Info ...

Page 130: ...he command of ipconfig Refer to the following figure From the above figure we can see IPv6 IP address has been captured by the system 2 Use the Ping command to ping any IPv6 address indicating an IPv6 website For example www kame net is a website supporting IPv4 IP and IPv6 IP services Its IPv6 address is seen with a format of 2001 200 dff fff1 216 3eff feb1 44d7 After getting the above message it...

Page 131: ... type an URL of IPv6 e g www kame net If your computer accesses into the website by using IPv6 address you may see a turtle dancing on the screen If not only a steady turtle will be seen If you can see a turtle dancing on the screen that means IPv6 service is ready for you to access and utilize ...

Page 132: ...e the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address to each local host See the following diagram for a briefly understanding In some special case you may have a public IP subnet from your ISP such as 220 135 240 0 24 This means that you can set up a p...

Page 133: ...S St ta at ti ic c R Ro ou ut te e When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other method You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP W Wh ha at t a ar re e V Vi ir rt tu ua al l L LA AN Ns s a an nd d R Ra at te e C Co o...

Page 134: ...g At present LAN1 setting is fixed with NAT mode only LAN2 LAN6 can be operated under NAT or Route mode IP Routed Subnet can be operated under Route mode Available settings are explained as follows Item Description General Setup Allow to configure settings for each subnet respectively Index Display all of the LAN items Status Basically LAN1 status is enabled in default LAN2 LAN6 and IP Routed Subn...

Page 135: ... DHCP reply packets Interface Choose the interface for such option Next Server IP Address SIAddr Type the IP address for the next server Vigor router s DHCP server can redirect clients to a secondary server specified in such field Option Number Type a number for such function DataType Choose the type ASCII or Hex or IP for the data to be stored Data Type the content of the data to be processed by ...

Page 136: ...en routers Default Enable activate the RIP protocol DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatches related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP serve...

Page 137: ... any IPs from this server anymore Therefore this feature is used to get the IP back from inactive clients i e doesn t use the IP but the server still reserves the IP for him DNS Server IP Address DNS stands for Domain Name System Every Internet host must have a unique IP address also they may have a human friendly easy to remember name such as www yahoo com The DNS server converts the user friendl...

Page 138: ... explanations for detailed information Below shows the settings page for IPv6 It provides 2 daemons for LAN side IPv6 address configuration One is SLAAC stateless and the other is DHCPv6 Stateful server Available settings are explained as follows Item Description Enable Check the box to enable the configuration of LAN 1 IPv6 Setup WAN Primary Interface Use the drop down list to specify a WAN inter...

Page 139: ... be assigned IP address from Vigor router via the following method SLAAC stateless The IP address with Prefix of the host shall be formed according to RA transmitted by Vigor router DHCPv6 stateful The IP address of the host shall be assigned after communicating with DHCPv6 server for answering the request of client Off No IP address is assigned Other Option O bit Check this box to enable the O bi...

Page 140: ...use Min Max Interval Time sec It defines the interval between minimum time and maximum time for sending RA Router Advertisement packets Default Lifetime sec Within such period of time Vigor2925 can be treated as the default gateway Default Preference It determines the priority of the host behind the router when RA Router Advertisement packets are transmitted MTU It means Max Transmit Unit for pack...

Page 141: ...so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network Enable Server Let the router assign IP address to every host in the LAN Disable Server Let you manually assign IP address to every host in the LAN Enable Relay Agent If you want t...

Page 142: ...ver IP Address DNS stands for Domain Name System Every Internet host must have a unique IP address also they may have a human friendly easy to remember name such as www yahoo com The DNS server converts the user friendly name into its equivalent IP address Primary IP Address You must specify a DNS server IP address here because your ISP should provide you with usually more than one DNS Server If y...

Page 143: ...IP protocol DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network If you want to use anot...

Page 144: ...port Gigabit switch on the LAN side Vigor router provides extremely high speed connectivity for the highest speed local data transfer of any server or local PCs On the Wireless equipped models each of the wireless SSIDs can also be grouped within one of the VLANs T Ta ag gg ge ed d V VL LA AN N The tagged VLANs 802 1q can mark data with a VLAN identifier This identifier can be carried through an o...

Page 145: ...VigorBX 2000 Series User s Guide 133 ...

Page 146: ...ion LAN P1 P6 Check the LAN port s to group them under the selected VLAN Wireless LAN 2 4GHz SSID1 SSID4 Check the SSID boxes to group them under the selected VLAN Wireless LAN 5GHz SSID1 SSID4 Check the SSID boxes to group them under the selected VLAN Subnet Choose one of them to make the selected VLAN mapping to the specified subnet only For example LAN1 is specified for VLAN0 It means that PCs ...

Page 147: ...ansmission is unimpeded Info Leave one VLAN untagged at least to prevent from not connecting to Vigor router due to unexpected error VigorBX 2000 series features a hugely flexible VLAN system In its simplest form each of the Gigabit LAN ports can be isolated from each other for example to feed different companies or departments but keeping their local traffic completely separated C Co on nf fi ig ...

Page 148: ...outing by checking the box between LAN1 and LAN2 Vigor router supports up to six private IP subnets on LAN Each can be independent isolated or common able to communicate with each other This is ideal for departmental or multi occupancy applications Info As for the VLAN applications refer to Appendix I VLAN Application on Vigor Router for more detailed information ...

Page 149: ...tion Enable Click this radio button to invoke this function However IP MAC which is not listed in IP Bind List also can connect to Internet Disable Click this radio button to disable this function All the settings on this page will be invalid Strict Bind Click this radio button to block the connection of the IP MAC which is not listed in IP Bind List ARP Table This table is the LAN ARP table of th...

Page 150: ...ble or the IP MAC address typed in Add and Edit to the table of IP Bind List Update It allows you to edit and modify the selected IP address and MAC address that you create before Delete You can remove any item listed in IP Bind List Simply click and select the one and click Delete The selected item will be removed from the IP Bind List Backup Store the configuration for Bind IP to MAC as a file R...

Page 151: ...cting equipments to be set up Second it may be able to view traffic on one or more ports within a VLAN at the same time Third it can transfer all data traffics to be mirrored to one analyzer connecting to the mirroring port Last it is more convenient and easy to configure in user s interface Available settings are explained as follows Item Description Port Mirror Check Enable to activate this func...

Page 152: ...ngs must be configured before enabling 802 1x because the EAP Extensible Authentication Protocol Authenticator relies on the RADIUS Server in its authentication process Each LAN port with Wired 802 1x configured will only forward 802 1x packets and block all other packets until the authentication has successfully completed Available settings are explained as follows Item Description Enable Check t...

Page 153: ...ired web page through this router That is a company which wants to have an advertisement for its products to users can specify the URL in this page to reach its goal Each item is explained as follows Item Description Profile Display the number link which allows you to configure the profile Status Display the content Disable URL Redirect or Message of the profile Interface Display the applied inter...

Page 154: ...ge that the hotel wants the user s to visit Message Type words or sentences here The message will be displayed on the screen for several seconds when the wireless users access into the web page through the router Default Message Click it to restore the default content Notice Content given in this field will be displayed on the screen when a web page is redirected by web portal mechanism Position o...

Page 155: ...de user management Web portal profile will be used to filter users first Prefer user management User Management profile will be used to filter users first Applied Interfaces Check the box es representing different interfaces to be applied by such profile The advantage is that each SSID 1 2 3 4 for wireless network can be applied with different web portal separately After finishing all the settings...

Page 156: ...col DHCP DHCP servers can be configured to provide the clients with additional information Vigor not only supports DHCP option but also provides a variety of data type for input the DHCP value and the option can be configured on a specific LAN interface P Pa ar rt t A A B Ba as si ic c S Se et tt ti in ng gs s 1 To configure DHCP options go to LAN General Setup Advanced 2 Add a new DHCP option a C...

Page 157: ...file for the DHCP clients The data should be the path name file name and extension of the specified file in ASCII characters O Op pt ti io on n 3 33 3 S St ta at ti ic c R Ro ou ut te e This option allows DHCP server pass a list of static routes to DHCP client The data should be pairs of IP address The first address is the IP address of the destination and the second is the IP address of the route...

Page 158: ...io on n This option allows DHCP server pass a list of static routes to DHCP client The data should be pairs of IP address in hexadecimal digits The first address is the IP address of destination and the second is the IP address of the router O Op pt ti io on n 1 15 50 0 T TF FT TP P S Se er rv ve er r A Ad dd dr re es ss s This option allows DHCP server to pass the IP address of the TFTP server fr...

Page 159: ...blic IP address and the router will do the inversion based on its table Therefore the internal host can communicate with external host smoothly The benefit of the NAT includes Save cost on applying public IP address and apply efficient usage of IP address NAT allows the internal IP addresses of local hosts to be translated into one public IP address thus you can have only one IP address on behalf ...

Page 160: ...dress domain name are recognized by all users Since the server is actually located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping private IP address port of the server The port redirection can only apply to in...

Page 161: ...t redirection Available settings are explained as follows Item Description Enable Check this box to enable such port redirection setting Mode Two options Single and Range are provided here for you to choose To set a range for the specific service select Range In Range mode if the public port start port and end port and the starting IP of private IP had been entered the system will calculate and di...

Page 162: ...he private port number of the service offered by the internal host After finishing all the settings here please click OK to save the configuration Note that the router has its own built in services servers such as Telnet HTTP and FTP etc Since the common port numbers of these services servers are all the same you may need to reset the router in order to avoid confliction For example the built in w...

Page 163: ...VigorBX 2000 Series User s Guide 151 ...

Page 164: ...single host in the LAN Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually helps some special applications such as Netmeeting or Internet Games etc The security properties of NAT are somewhat bypassed if you set up DMZ host We su...

Page 165: ...is button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the following screen Click OK to save the setting DMZ Host for WAN2 WAN3 or WAN4 is slig...

Page 166: ...rivate IP address of the DMZ host or click Choose PC to select one Choose PC Click this button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the...

Page 167: ...articular entry that you want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network service WAN Interface Display the WAN interface used by such index Aux WAN IP Display the IP alias setting used by such index If no IP alias setting exists such field will not appear Local IP Address D...

Page 168: ... IP Enter the private IP address of the local host or click Choose PC to select one Choose PC Click this button and subsequently a window having a list of private IP addresses of local hosts will automatically pop up Select the appropriate IP address of the local host in the list Protocol Specify the transport layer protocol It could be TCP UDP or none for selection Start Port Specify the starting...

Page 169: ...on the type of protocol used The default durations are shown below and these duration values can be modified via telnet commands TCP 86400 sec UDP 180 sec IGMP 10 sec TCP WWW 60 sec TCP SYN 60 sec Available settings are explained as follows Item Description Comment Display the text which memorizes the application of this rule Triggering Protocol Display the protocol of the triggering packets Trigg...

Page 170: ...the text to memorize the application of this rule Triggering Protocol Select the protocol TCP UDP or TCP UDP for such triggering profile Triggering Port Type the port or port range for such triggering profile Incoming Protocol When the triggering packets received it is expected the incoming packets will use the selected protocol Select the protocol TCP UDP or TCP UDP for the incoming data of such ...

Page 171: ...VigorBX 2000 Series User s Guide 159 Incoming Port Type the port or port range for the incoming packets After finishing all the settings here please click OK to save the configuration ...

Page 172: ...e specified private IP address S Sc ch he ed du ul le e The Vigor router has a built in clock which can update itself manually or automatically by means of Network Time Protocols NTP As a result you can not only schedule the router to dialup to the Internet at a specified time but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours say...

Page 173: ...router is NAT Traversal This enables applications inside the firewall to automatically open the ports that they need to pass through a router W Wa ak ke e o on n L LA AN N A PC client on LAN can be woken up by the router it connects When a user wants to wake up a specified PC through the router he she must type correct MAC address of the specified PC on this web page of Wake on LAN WOL of this rou...

Page 174: ...vailable settings are explained as follows Item Description Enable Dynamic DNS Setup Check this box to enable DDNS function Set to Factory Default Clear all profiles and recover to factory settings View Log Display DDNS log status Force Update Force the router updates its information to DDNS server Auto Update interval Set the time for the router to perform auto update for DDNS service Index Click...

Page 175: ...4 fails the router will use another WAN interface instead WAN1 WAN2 WAN3 WAN4 Only While connecting the router will use WAN1 WAN2 WAN3 WAN4 as the only channel for such account Service Provider Select the service provider for the DDNS account Service Type Select a service type Dynamic Custom or Static If you choose Custom you can modify the domain that is chosen in the Domain Name field Domain Nam...

Page 176: ...f it is selected and the WAN IP of Vigor router is private it will be converted to public IP before DDNS update takes place 4 Click OK button to activate the settings You will see your setting has been saved D Di is sa ab bl le e t th he e F Fu un nc ct ti io on n a an nd d C Cl le ea ar r a al ll l D Dy yn na am mi ic c D DN NS S A Ac cc co ou un nt ts s In the DDNS setup menu uncheck Enable Dyna...

Page 177: ...ail or Web server inside LAN you can specify specific private IP address es to correspondent servers Thus even the remote PC is adopting public DNS as the DNS server the LAN DNS resolution on VigorBX 2000 series will respond the specified private IP address Simply click Application LAN DNS DNS Forwarding to open the following page Each item is explained as follows Item Description Set to Factory D...

Page 178: ...r such profile Note If you type a name here for LAN DNS and click OK to save the configuration the name also will be applied to conditional DNS forwarding automatically Domain Name Type the domain name for such profile CNAME Alias Domain Name CNAME is abbreviation of Canonical name record Such option is used to record the domain name or the host alias Add Click it to add a new host with specified ...

Page 179: ...NS profile just created Or you can click index 2 to use this profile as conditional DNS forwarding Available settings are explained as follows Item Description Enable Check this box to enable such profile Profile Type a name for such profile Note If you type a name here for conditional DNS forwarding and click OK to save the configuration the name also will be applied to LAN DNS automatically Doma...

Page 180: ...VigorBX 2000 Series User s Guide 168 ...

Page 181: ...s clock to current time of your PC The clock will reset once if you power down or reset the router There is another way to set up time You can inquiry an NTP server a time server on the Internet to synchronize the router s clock This method can only be applied when the WAN connection has been built up Available settings are explained as follows Item Description Set to Factory Default Clear all pro...

Page 182: ...on to be dial on demand and the value of idle timeout should be specified in Idle Timeout field Disable Dial On Demand Specify the connection to be up when it has traffic on the line Once there is no traffic over idle timeout the connection will be down and never up again during the schedule Idle Timeout Specify the duration or period for the schedule How often Specify how often the schedule will ...

Page 183: ...tion and accounting which is widely used by Internet service providers It is the most common method of authenticating and authorizing dial up and tunneled network users The built in RADIUS client feature enables the router to assist the remote dial in user or a wireless station and the RADIUS server in performing mutual authentication It enables centralized remote access authentication for network...

Page 184: ...ailable settings are explained as follows Item Description Enable Check to enable TACACS feature Server IP Address Enter the IP address of TACACS server Destination Port The UDP port number that the TACACS server is using Shared Secret The TACACS server and client share a secret that is used to authenticate the messages sent between them Both sides must be configured to use the same shared secret ...

Page 185: ...ard is established by the work team of Internet Engineering Task Force IETF As the name described LDAP is designed as an effect way to access directory service without the complexity of other directory service protocols For LDAP is defined to perform inquire and modify the information within the directory and acquire the data in the directory securely therefore users can apply LDAP to search or li...

Page 186: ...ity For the regular mode you ll need to type in the Regular DN and Regular Password Server Address Enter the IP address of LDAP server Destination Port Type a port number as the destination port for LDAP server Use SSL Check the box to use the port number specified for SSL Regular DN Type this setting if Regular Mode is selected as Bind Type Regular Password Specify a password if Regular Mode is s...

Page 187: ...or most LDAP server is cn Additional Filter Type the condition for additional filter Base Distinguished Name Group Distinguished Name Type or edit the distinguished name used to look up entries on the LDAP server Sometimes you may forget the Distinguished Name since it s too long Then you may click the button to list all the account information on the AD LDAP Server to assist you finish the setup ...

Page 188: ...n Control Service or Connection Status Service Default WAN It is used to specify the WAN interface for applying such function The reminder as regards concern about Firewall and UPnP Can t work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly This is because these applications will block the accessing ability of some network ports Sec...

Page 189: ...t In addition such function is available in NAT mode Enable IGMP Snooping Check this box to enable this function Multicast traffic will be forwarded to ports that have members of that group Disabling IGMP snooping will make multicast traffic treated in the same manner as broadcast traffic Refresh Click this link to renew the working multicast group status Group ID This field displays the ID port f...

Page 190: ...ilable settings are explained as follows Item Description Wake by Two types provide for you to wake up the binded IP If you choose Wake by MAC Address you have to type the correct MAC address of the host in MAC Address boxes If you choose Wake by IP Address you have to choose the correct IP address IP Address The IP addresses that have been configured in Firewall Bind IP to MAC will be shown in th...

Page 191: ... get the SMS what the content is and when the SMS will be sent Available settings are explained as follows Item Description Index Check the box to enable such profile SMS Provider Use the drop down list to choose SMS service provider You can click SMS Provider link to define the SMS server Recipient Type the name of the one who will receive the SMS Notify Use the drop down list to choose a message...

Page 192: ...Object Settings SMS Mail Service Option If there is no object listed click Mail Service link to define a new one with specified service provider Recipient Type the e mail address of the one who will receive the notification message Notify Use the drop down list to choose a message profile The recipient will get the content stated in the message profile You can click the Notify Profile link to defi...

Page 193: ...tion e g IP setting If the host and user s computer have the plug in bonjour driver install they can utilize the service offered by the router by clicking the router name icon In short what the Clients users need to know is the name of the router only To enable the Bonjour service click Application Bonjour to open the following page Check the box es of the server service s that you want to share t...

Page 194: ...njour and DNSSD have been installed you can open the web page DNSSD and see the following results 3 Open System Maintenance Management Type a name e g DrayTek as the Router Name and click OK 4 Next open Applications Bonjour Check the service that you want to use via Bonjour ...

Page 195: ...ble items will be changed as the follows It means the Vigor router based on Bonjour protocol is ready to be used as a printer server FTP server SSH Server Telnet Server and HTTP Server 6 Now any page or document can be printed out through Vigor router installed with a printer ...

Page 196: ...cess into the web user interface of the Vigor router 2 Open Applications Active Directory LDAP to get the following page for configuring LDAP related settings There are three types of bind type supported Simple Mode Just simply do the bind authentication without any search action Anonymous Perform a search action first with Anonymous account then do the bind authentication Regular Mode Mostly it i...

Page 197: ...VigorBX 2000 Series User s Guide 185 and 4 Click OK to save the settings above 5 Open User Management General Setup Select User Based as the Mode Selection option ...

Page 198: ...pen VPN and Remote Access PPP General Setup to check the profile s that will be authenticated with LDAP server After above configurations users belong to either rd1 or shrd group can access Internet after inputting their credentials on LDAP server ...

Page 199: ... interface Specify Interface Through dedicated interface WAN LAN VPN the data can be sent from the source IP to the destination IP Address Mapping Allows you specify the outgoing WAN IP address es for an internal private IP address or a range of internal private IP addresses Priority The router will determine which policy will be adopted for transmitting the packet according to the priority of Sta...

Page 200: ... web pages S St ta at ti ic c R Ro ou ut te e f fo or r I IP Pv v4 4 Available settings are explained as follows Item Description Index The number 1 to 30 under Index allows you to open next page to set up static route Destination Address Displays the destination address of the static route Status Displays the status of the static route Set to Factory Default Clear all of the settings and return t...

Page 201: ...nternal Router B 192 168 1 3 have set Main Router 192 168 1 1 as the default gateway for the Router A 192 168 1 2 Before setting Static Route user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router 1 Go to LAN page and click General Setup select 1st Subnet as the RIP Protocol Control Then click the OK button Info There are two reasons that w...

Page 202: ... follows Item Description Enable Click it to enable this profile Destination IP Address Type an IP address as the destination of such static route Subnet Mask Type the subnet mask for such static route Network Interface Use the drop down list to specify an interface for such static route 3 Return to Static Route Setup page Click on another Index Number to add another static route as show below whi...

Page 203: ...settings are explained as follows Item Description Index The number 1 to 40 under Index allows you to open next page to set up static route Destination Address Displays the destination address of the static route Status Displays the status of the static route Set to Factory Default Clear all of the settings and return to factory default settings Viewing IPv6 Routing Table Displays the routing tabl...

Page 204: ...s profile Destination IPv6 Address Prefix Len Type the IP address with the prefix length for this entry Gateway IPv6 Address Type the gateway address for this entry Network Interface Use the drop down list to specify an interface for this static route When you finish the configuration please click OK to save and exit this page ...

Page 205: ...profile Src IP Start Display the IP address for the start of the source IP Src IP End Display the IP address for the end of the source IP Dest IP Start Display the IP address for the start of the destination IP Dest IP End Display the IP address for the end of the destination IP Dest Port Start Display the IP address for the start of the destination port Dest Port End Display the IP address for th...

Page 206: ...l be passed through the WAN interface Destination IP Any Any IP can be treated as the destination IP Dest IP Start Type the destination IP start for the specified WAN interface Dest IP End Type the destination IP end for the specified WAN interface If this field is blank it means that all the destination IPs will be passed through the WAN interface 3 Click Next to get the following page Available ...

Page 207: ...vailable settings are explained as follows Item Description Force NAT Force Routing It determines which mechanism that the router will use to forward the packet to WAN 5 After choosing the mechanism click Next to get the summary page for reference 6 If there is no error click Finish to complete wizard setting ...

Page 208: ...eps 1 Click the Advance Mode radio button 2 Click Index 1 to access into the following page Available settings are explained as follows Item Description Enable Check this box to enable this policy Protocol Use the drop down menu to choose a proper protocol for the WAN interface ...

Page 209: ... Gateway IP Specific gateway is used only when you want to forward the packets to the desired gateway Usually Default Gateway is selected in default Priority Packets will be transmitted based on all routes or Route Policy Vigor router will determine which rule will be adopted for transmitting the packet according to the priority of Static Route and Route Policy The greater the value is the lower t...

Page 210: ...ets sent out of the router can be traced or Available settings are explained as follows Item Description Mode Analyze how a packet will be sent Choose such mode to make Vigor router analyze how a single packet will be sent by a route policy Analyze how multiple packets Choose such mode to make Vigor router analyze how multiple packets in a specified file will be sent by a route policy ...

Page 211: ...ng The analyzed result will be shown on the page If required click export analysis to export the result as a file Input File Select Click the download link to get a blank example file Then click such button to select that blank csv file for saving the result of analysis Analyze Click it to perform the job of analyzing The analyzed result will be shown on the page If required click export analysis ...

Page 212: ...evised later Example 1 In the following figure a LAN to LAN VPN tunnel is built between DrayTek VPN router e g VigorBX 2000 series and the remote router Firewall Router can receive all of the traffic coming from remote PC which wants to access into Internet and send back the packets to Remote Router through VPN Router 1 Establish a VPN tunnel between VPN Router and the Remote Router 2 Change to de...

Page 213: ...se adjust the value of Priority for such route policy In general default route is specified with the lowest priority for it value is fixed as 250 And Routes in Routing Table are fixed as 150 You can adjust the value for such route policy with lower value e g 100 to ensure it will be applied to packets transmission with the highest priority 5 After finished the above settings click OK to save the c...

Page 214: ... To route the packets coming from the Firewall Router back to the remote router access into the web user interface of the Firewall Router Then set 192 168 1 1 24 as the gateway IP address and set 172 16 3 0 24 as the destination IP address ...

Page 215: ...e side of Router A to break through the Internet censorship circumvention A VPN tunnel has been established between Router A and router B 1 Access into the web user interface of Router A 2 Open Load Balance Route Policy 3 Click any index number e g 1 in this case 4 In the following web page check Enable type 192 168 1 10 as Src IP Range type 213 57 89 100 as the Destination IP for the remote VPN s...

Page 216: ...o either 202 211 100 10 or 203 98 200 10 which IP or mapping is decided by the internal load balancing algorithm With address mapping feature you can manually configure any host mapping to any WAN interface to fit the request In the above example you can configure NAT Host 1 to always map to 202 211 100 10 WAN1 Host 2 to always map to 202 211 100 11 WAN1 alias Host 3 always map to 203 98 200 10 WA...

Page 217: ...e of WAN 1 to open the following page From the above figure set main WAN IP address as 202 211 100 10 Click the WAN IP Alias button to configure the other IP address which is 202 211 100 11 Make sure Join IP NAT Pool is not checked Click OK to save the settings ...

Page 218: ...er s Guide 206 4 After finished configuration for WAN1 open Load Balance Route Policy General Setup 5 Click Index number 1 and 2 to configure the details After finished the settings click OK to save the settings respectively ...

Page 219: ...es User s Guide 207 And 6 Upon completing the above configuration you have specified the outgoing IP address es for some specific computers Now you bind some specific computers to some WAN IP alias for outgoing traffic ...

Page 220: ...he following figure shows a simple application of load balance WAN1 and WAN2 can be used to access into Internet The PC in LAN1 can send the data to the remote PC through the specified WAN1 1 Access into web user interface of VigorBX 2000 series Open Load Balance Route Policy General Setup 2 From the following web page simply click index number 1 ...

Page 221: ... and Dest IP End with 203 65 1 35 and 203 65 1 35 choose WAN1 as the Interface click default gateway do not check Failover To 4 After finished the above settings click OK to save the configuration Now the packets sent to the remote PC IP address 203 65 1 35 will be forced to pass through WAN1 ...

Page 222: ...VigorBX 2000 Series User s Guide 210 This page is left blank ...

Page 223: ... User s Guide 211 P Pa ar rt t I II II I W Wi ir re el le es ss s L LA AN N Wireless LAN enables high mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well as Internet access ...

Page 224: ... integrated wireless local area network WLAN for 5 GHz 802 11ac or 2 4 5 GHz 802 11n WLAN applications It supports channel operations of 20 40 MHz at 2 4 GHz and 20 40 80 MHz at 5 GHz VigorBX 2000 ac series router can support data rates up to 1 3 GBps in 802 11ac 80 MHz channels VigorBX 2000 n series router supports 802 11n up to 300 Mbps for 40 MHz channel operations Info The actual data throughp...

Page 225: ...u may consider using WPA for the most secure connection You should select the appropriate security mechanism according to your needs No matter which security suite you select they all will enhance the over the air data protection and or privacy on your wireless network The Vigor wireless router is very flexible and can support multiple secure connections with both WEP and WPA at the same time Info...

Page 226: ...e will open channels 52 56 60 64 100 104 108 112 116 120 124 128 132 136 and 140 At present we will not open DFS channels in the USA because we do not have plan for DFS certification in the USA Channels 52 56 60 64 100 104 108 112 116 120 124 128 132 136 and 140 will be restricted in the USA In some countries there are restrictions on DFS channels as well We will implement country code to restrict...

Page 227: ...cessing into Internet Follow the steps listed below 1 Open Wizards Wireless Wizard 2 The screen of wireless wizard will be shown as follows This page will be used for internal users in a company or your home Available settings are explained as follows Item Description Wireless 2 4GHz Settings Name Type the SSID name of this router for wireless 2 4GHz The default name is defined with DrayTek Change...

Page 228: ...f this router for wireless 5GHz Mode At present the router can connect to 11a Only 11n Only 5GHz Mixed 11a 11n and Mixed 11a 11n 11ac stations simultaneously Channel Means the channel of frequency of the wireless LAN The default channel is 36 You may switch channel if the selected channel is under serious interference If you have no idea of choosing the frequency please select Auto to let system d...

Page 229: ... leading by 0x such as 0x321253abcde Rate Control It controls the data transmission rate through wireless connection Upload Check Enable and type the transmitting rate for data upload Default value is 30 000 kbps Download Type the transmitting rate for data download Default value is 30 000 kbps Wireless 5GHz Settings Enable Disable Click it to enable or disable settings in this page Use the same S...

Page 230: ...ble and type the transmitting rate for data upload Default value is 30 000 kbps Download Type the transmitting rate for data download Default value is 30 000 kbps Next Click it to get into the next setting page Cancel Exit the wireless wizard without saving any changes 4 After typing the required information click Next 5 The following page will display the configuration summary for wireless settin...

Page 231: ...d the wireless channel Please refer to the following figure for more information Available settings are explained as follows Item Description Enable Wireless LAN Check the box to enable wireless function Mode For 2 4GHz At present the router can connect to 11g Only 11n Only 2 4 GHz Mixed 11b 11g Mixed 11g 11n and Mixed 11b 11g 11n stations simultaneously Simply choose Mixed 11b 11g 11n mode ...

Page 232: ...ed clients or STAs to join your wireless LAN Depending on the wireless utility the user may only see the information except SSID or just cannot see any thing about Vigor wireless router while site surveying The system allows you to set four sets of SSID for different usage In default the first set of SSID will be enabled You can hide it for your necessity SSID Means the identification of the wirel...

Page 233: ... cu ur ri it ty y This page allows you to set security with different modes for SSID 1 2 3 and 4 respectively After configuring the correct settings please click OK to save and invoke it The password PSK of default security mode is provided and stated on the label pasted on the bottom of the router For the wireless client who wants to access into Internet through such router please input the defau...

Page 234: ...d dynamically from RADIUS server with 802 1X protocol WPA PSK Accepts only WPA clients and the encryption key should be entered in PSK WPA2 PSK Accepts only WPA2 clients and the encryption key should be entered in PSK Mixed WPA WPA2 PSK Accepts WPA and WPA2 clients simultaneously and the encryption key should be entered in PSK WPA The WPA encrypts each frame transmitted from the radio using the ke...

Page 235: ...k or white list The user may block wireless clients by inserting their MAC addresses into a black list or only let them be able to connect by inserting their MAC addresses into a white list In the Access Control web page users may configure the white black list modes used by each SSID and the MAC addresses applied to their lists Available settings are explained as follows Item Description Enable M...

Page 236: ... in the MAC address list After finishing all the settings here please click OK to save the configuration I II II I 1 1 5 5 W WP PS S WPS Wi Fi Protected Setup provides easy procedure to make network connection between wireless station and wireless access point vigor router with the encryption of WPA and WPA2 Info WPS is available for the wireless station with WPS supported It is the simplest way t...

Page 237: ... Start PBC button of network card If you want to use PIN code you have to know the PIN code specified in wireless client Then provide the PIN code of the wireless client you wish to connect to the vigor router For WPS is supported in WPA PSK or WPA2 PSK mode if you do not choose such mode in Wireless LAN Security you will see the following message box Please click OK and go back Wireless LAN Secur...

Page 238: ... mode of the router Only WPA2 PSK and WPA PSK support WPS Configure via Push Button Click Start PBC to invoke Push Button style WPS setup procedure The router will wait for WPS requests from wireless clients about two minutes The WPS LED on the router will blink fast when WPS is in progress It will return to normal condition after two minutes You need to setup WPS within two minutes Configure via ...

Page 239: ...S bridge interface The application for the WDS Repeater mode is depicted as below The major difference between these two modes is that while in Repeater mode the packets received from one peer AP can be repeated to another peer AP through WDS links Yet in Bridge mode packets received from a WDS link will only be forwarded to local wired or wireless hosts In other words only Repeater mode can do WD...

Page 240: ...e following page will be shown Available settings are explained as follows Item Description Mode Choose the mode for WDS setting Disable mode will not invoke any WDS setting Bridge mode is designed to fulfill the first type of application Repeater mode is for the second one ...

Page 241: ...ng mode please type in the peer MAC address in these fields Four peer MAC addresses are allowed to be entered in this page at one time Yet please disable the unused link to get better performance If you want to invoke the peer MAC address remember to check Enable box in the front of the MAC address after typing Repeater If you choose Repeater as the connecting mode please type in the peer MAC addr...

Page 242: ...se choose such mode Such mode can make the data transmission happen between 11n systems only In addition it does not have protection mechanism to avoid the conflict with neighboring devices of 802 11a b g Channel Bandwidth 20 the router will use 20Mhz for data transmission and receiving between the AP and the stations 20 40 the router will use 20Mhz or 40Mhz for data transmission and receiving acc...

Page 243: ...long preamble Click Enable to use Long Preamble if needed to communicate with this kind of devices Packet OVERDRIVE This feature can enhance the performance in data transmission about 40 more by checking Tx Burst It is active only when both sides of Access Point and Station in wireless client invoke this function at the same time That is the wireless client must support this feature and invoke the...

Page 244: ...rameters for wireless data transmission please click the Enable radio button APSD Capable APSD automatic power save delivery is an enhancement over the power save mechanisms supported by Wi Fi networks It allows devices to take more time in sleeping state and consume less power to improve the performance by minimizing transmission latency The default setting is Disable After finishing all the sett...

Page 245: ...nce of the APs on the wireless LAN Yet only the AP which is in the same channel of this router can be found Please click Scan to discover all the connected APs Available settings are explained as follows Item Description Scan It is used to discover all the connected AP The results will be shown on the box above this button Statistics It displays the statistics for the channels used by APs Add to I...

Page 246: ...ong with its status code There is a code summary below for explanation For convenient Access Control you can select a WLAN station and click Add to Access Control below Available settings are explained as follows Item Description Refresh Click this button to refresh the status of station list Add Click this button to add current typed MAC address into Access Control ...

Page 247: ...r and will not occupy the wireless network for a long time Available settings are explained as follows Item Description SSID Display the SSID that the wireless station will use it to connect with Vigor router Enable Check the box to enable the station control function Connection Time Reconnection Time Use the drop down list to choose the duration for the wireless client connecting reconnecting to ...

Page 248: ...VigorBX 2000 Series User s Guide 236 This page is left blank ...

Page 249: ... t I IV V P Ph ho on ne e S Sy ys st te em m IP PBX IP Private Branch eXchange is a private telephone network used within an enterprise Users of the PBX can share a certain number of outside lines for making telephone calls VoIP external to the PBX ...

Page 250: ...his is an ideal and convenient deployment for the ITSP Internet Telephony Service Provider and softphone and is widely supported SIP is an end to end signaling protocol that establishes user presence and mobility in VoIP structure Every one who wants to talk using his her SIP Uniform Resource Identifier SIP Address The standard format of SIP URI is sip user password host port Some fields may be op...

Page 251: ...end s account name if you are with the same SIP Registrar P Pe ee er r t to o P Pe ee er r Before calling you have to know your friend s IP Address The Vigor VoIP Routers will build connection between each other Vigor V models firstly apply efficient codecs designed to make the best use of available bandwidth but Vigor V models also equip with automatic QoS assurance QoS Assurance assists to assig...

Page 252: ...n high priority to voice traffic via Internet You will always have the required inbound and outbound bandwidth that is prioritized exclusively for Voice traffic over Internet but you just get your data a little slower and it is tolerable for data traffic ...

Page 253: ...ick method to configure settings for VoIP application Follow the steps listed below 1 Open Wizards IPPBX Wizard 2 The screen of IPPBX Wizard will be shown as follows Available settings are explained as follows Item Description Extension Group Name Type a name as a display for this extension group Extension Group Number Type the number of extension for such group ...

Page 254: ...ill be used in registration done by IP Phone Next Click it to get into the next setting page Cancel Click it to give up the VoIP wizard 3 When you finish the settings of group name group number start number number of extension fields please click OK to save them 4 The new added group will be displayed on the screen You can set 20 groups for using in different conditions Then click Next to access i...

Page 255: ... the destination of data transmission e g nat draytel org 5065 Account Number Name Enter your account name of SIP Address e g every text before Password Type the password which will be used in registration for SIP service for this profile Trunk Number There are two ways to dial outside lines for an extension number First dial a short number and wait for a while When dial tone appears please dial t...

Page 256: ...e them 7 The new added profile will be displayed on the screen 8 Click Next to access into next web page The following page allows you to set office hours including starting point ending point on duty day s Available settings are explained as follows Item Description When do you start working in the Use the drop down menu to choose the time as the starting point in the morning ...

Page 257: ...se the drop down menu to choose the time as the starting point in the afternoon When do you leave the office Use the drop down menu to choose the time as the ending point in the afternoon Is this schedule available at the weekend If such schedule will be available in the weekend simply click Yes otherwise click No 9 When you finish the settings click Finish to save the settings and exit the wizard...

Page 258: ... on the page based on the data typed in the Extension Number Index Display the number link for each profile Ext Display the extension number of such profile Name Display the name of such extension profile Email Address Display the email address for receiving the receive voice mail message Outgoing Call Display the interface that the outgoing call used Status Display if such extension is active or ...

Page 259: ...ration from WAN in IP PBX PBX System SIP Proxy Setting page is unchecked there are two options offered here WAN VPN for extension registration For getting the highest network security please check VPN only In addition refer to section 3 14 How to enhance the security for extensions registration for detailed information Type Determine the type for such extension profile SIP Choose this type to make...

Page 260: ...g Indication There are two types of MWI for users to choose Please click the one according to the real application Notify User who Subscribed The user needs to send out SUBSCRIBE message first When IPPBX detects new voice message from some extension number or the condition of the voice message is changed it will transfer NOTIFY message to the users within the valid time subscribed Force Notify Use...

Page 261: ...ing phone call will be processed by leaving voice mail forwarding to certain extension or group or forwarding to SIP Trunk Please determine the way you want to process Forward To SIP Trunk If you choose Forward To SIP Trunk as the Answer Mode setting you have to specify one of the SIP Trunk numbers from 001 to 006 and type an external number in the field of dial to Later the internal phone calls w...

Page 262: ...from SIP Trunk Click IP PBX Trunks to open the following page DID Direct Inward Dialing is a service provided by SIP providers It allows one main SIP account SIP Trunk attached with several sub accounts defined in Alias List under SIP Trunk When the main accounts have been registered on VigorBX 2000 it means the router owns these sub accounts at the same time That is people can dial main SIP accou...

Page 263: ...he short number for such account Status Display current status for the account successful registration or failed registration Alias List Allows you to set sub accounts for the main accounts in SIP Trunk Please click any number under Index to set detailed configuration Available settings are explained as follows Item Description Profile Active Click Enable to enable such trunk profile Profile Name ...

Page 264: ... Check the box to invoke this function and enter the name or number used for SIP Authorization with SIP Registrar If this setting value is the same as Account Name it is not necessary for you to check the box and set any value in this field Password The password provided to you when you registered with a SIP service Expiry Time It is the time duration that your SIP Registrar server keeps your regi...

Page 265: ...or Group directly After choosing the answer mode you have to specify the right extension group or Virtual Fax from the drop down list next to the answer mode selection Time budget per day Check the box to enable time budget function and configure the time value If run out of budget you can not make new call for this trunk the existing call will be dropped Max simultaneous call number Type a number...

Page 266: ...y the phone number of such account Office Hours Display the selected answer mode for office hours Non Office Hours Display the selected answer mode for non office hours Holiday Display the selected answer mode for holidays Active Display current activation status for such account enabled or disabled Trunk Display the SIP Trunk for such sub account attached You can set 50 profiles as alias for SIP ...

Page 267: ...em to display the alias phone number that is the sub account Answer Mode Office hours Set the answering mode for such outside line in office time You can specify it with Auto Attendant AA or forward it to any Extension or Group directly Non Office hours Set the answering mode for such outside line in non office time You can specify it with Auto Attendant AA or forward it to any Extension or Group ...

Page 268: ... trunk number just like you dial 0 to access trunk line in normal PBX system Answer Mode Office hours Set the answering mode for such outside line in office time You can specify it with Auto Attendant AA or forward it to any Extension or Group directly Non Office hours Set the answering mode for such outside line in non office time You can specify it with Auto Attendant AA or forward it to any Ext...

Page 269: ...he number as a Pin Code Time budget per day Check the box to enable time budget function and configure the time value If run out of budget you can not make new call for this trunk the existing call will be dropped Disconnect PSTN Trunk Press this button to disconnect PSTN trunk when FXO seizes the line and has no way to release it Enable Offnet Play Prompt Check the box to make the phone playing p...

Page 270: ...ble Disable to enable disable such trunk Choose an extension as trunk Use the drop down list to specify the extension you need Answer Mode Office hours Set the answering mode for such outside line in office time You can specify it with Auto Attendant AA or forward it to any Extension or Group directly Non Office hours Set the answering mode for such outside line in non office time You can specify ...

Page 271: ... This page allows you to set phone book digit map call barring regional settings and PSTN setup for the VoIP function Click the links on this page to access into next pages for detailed settings V VI I 1 1 4 4 1 1 D Di ig gi it t M Ma ap p For the convenience of user this page allows users to edit prefix number for the SIP account with adding number stripping number or replacing number It is used ...

Page 272: ... specific VoIP interface Take the above picture Prefix Table Setup web page as an example the prefix number of 03 will be replaced by 8863 For example dial number of 031111111 will be changed to 88631111111 and sent to SIP server Operand Number The front number you type here is the first part of the account number that you want to execute special function according to the chosen mode by using the ...

Page 273: ... phonebook It can help you to make calls quickly and easily by using Speed Dial Number There are total 20 index entries in the phonebook for you to store all your friends and family members phone numbers Available settings are explained as follows Item Description Enable Check the box to enable the entry Speed Dial Number Type the digit number maximum 6 in this field which can dial to the client w...

Page 274: ...e one that is not welcomed Click any index number to display the dial plan setup page Available settings are explained as follows Item Description Enable Check it to enable this entry Call Direction Determine the direction for the phone call IN incoming call OUT outgoing call IN OUT both incoming and outgoing calls Apply To Call barring is available when OUT is selected as the Call Direction It ca...

Page 275: ...the index of schedule profiles to control the call barring according to the preconfigured schedules Refer to section Applications Schedule for detailed configuration Additionally you can set advanced settings for call barring such as Block Anonymous or Block Unknown Domain Simply click the relational links to open the web page For Block Anonymous this function can block the incoming calls without ...

Page 276: ... P Pr ro ox xy y S Se et tt ti in ng g To make the IP phone to be registered in IP PBX device successfully it is necessary for the users to configure settings in this page Available settings are explained as follows Item Description SIP Local Port Set a port number as SIP local port The default setting is 5060 SIP Proxy Realm Type SIP service domain name In full SIP URI such is the part after symb...

Page 277: ...ld is system wide it also works for extension extension call Disable remote registration Check the box to disable remote site WAN or VPN registering toVigorBX 2000 Limit SIP Request WAN Choose this item to restrict number of SIP request per second from WAN side Enable ACL white list for WAN IP Check the box to enable the management of white list for WAN IP Automatic block extension for wrong passw...

Page 278: ...ber it and hang up the phone set 3 Next use another phone set in remote end to communicate with that caller again by dialing the voice number XXXX Parking Slot Range The parking server has capacity limitation It provides only 10 parking slots Each slot can be specified with a number Type the number range for the parking server Extension for checking message This is the number for you to dial into ...

Page 279: ...new destination predefined for the extension Turn OFF Call Forward This number is used to turn off the call forwarding function for the user s extension when the user returns to his her seat Turn ON DND Do Not Disturb This number is used to turn on the function of DND When the function is enabled the user will have a period of peace time without disturbing by VoIP phone call Turn OFF DND Do Not Di...

Page 280: ...on number for such group Labeling on caller ID The caller ID with name or extension number will be displayed on the phone panel of the other side E mail Address Type the e mail address to receive the voice mail sent by the router for this group Voice Mail Password Type the password used to access voice mail for this group Hunt Rule Use the drop down menu to choose rule for such group Simultaneousl...

Page 281: ...all the call will be processed with the way chosen here such as being terminated keeping ringing forwarding to certain group forwarding to certain extension or leaving voice mail and so on If you choose Forward to Group Forward to Extension Voice Mail Pick up by AA a drop down box will appear for you to choose the extension group mail address AA menu to transfer to Queue Overflow If you choose Que...

Page 282: ...nd configure settings of virtual FAX Info Before using the FAX feature please make sure the USB disk has been connected to USB port ofVigorBX 2000 already Let the USB disk formatted in FAT32 After connecting the USB disk open Advanced USB Application USB Disk Status to check if the disk connected well or not VigorBX 2000 supports the function of Virtual FAX Comparing to the traditional fax machine...

Page 283: ...emotely For example your extension is 100 and the number typed in this field is 889 When you are outside the company and want to check your voicemail you can 1 Dial to IP PBX trunk Then AA will answer your code 2 Enter this number 889 3 The system asks you to input your extension number 100 4 The system asks you to input your voice mail PIN code Save voice message to USB disk Check the box to save...

Page 284: ...ce Mail Content Type the content of the voice mail Virtual FAX Configuration Enable Virtual FAX Check the box to enable such function Extension Number Type the extension number to offer the FAX service for Virtual FAX will be considered as an extension Email to Type the e mail address which will receive the FAX forwarded by VigorBX 2000 whenever the router gets it Test Check the button to make a t...

Page 285: ...Check the box to enable the entry From Trunk Select incoming FAX from which trunk line In SIP different trunk could have same number so it is necessary to select trunk here For example sip 123 iptel org and sip 123 draytel org share the same caller ID 123 but they are different sources CID Prefix It means Caller ID Prefix For example if the rule is set with 123 then caller IDs of123456 and 123789 ...

Page 286: ... Virtual FAX extension number After finishing all the settings here please click OK to save the configuration V VI I 1 1 5 5 6 6 O Of ff fi ic ce e H Ho ou ur rs s You can set ten groups of office hours including starting point ending point on duty day s Available settings are explained as follows Item Description Office Hours Enable Check it to enable the profile ...

Page 287: ...point Weekdays Check the day s to apply the office hour for that index Holiday Setting Specify date s for applying the office hour settings and prompt setting in holiday for example type 2 4 6 7 in the field of Date for Month 1 It means January 2 4 6 7 will apply the office hour settings configured in this page After finishing all the settings here please click OK to save the configuration ...

Page 288: ...s the whole flowchart of auto attendant Follow the indication of the arrows on the page and choose suitable prompts one by one and adopts the action you want Available settings are explained as follows Item Description Auto Attendant Wizard Use the drop down list to choose one of the menus to configure the auto attendant profile 1 2 3 ...

Page 289: ...ke the system replaying the greeting again when the input is error Check retry when idle timeout Check the box to make a retry based on the selection chosen here Not Used Nothing will be done for the key Ring Extension Only the extension number selected here will ring Ring Hunt Group Only the extension number within the Hunt Group will ring Play Prompt and Terminate Type system will play the promp...

Page 290: ...ows you to configure settings used by auto attendant Available settings are explained as follows Item Description Pause between each greeting playing Type the time interval between each greeting playing Idle timeout Type the time for the system to play the notification prompt when the caller does nothing DTMF timeout AA will wait the user to input digit usually it is called the digit DTMF Therefor...

Page 291: ...make the IP PBX system playing Users can record audio files and upload to router or download to PC However the file format of the audio file must follow the rule stated on the web page Users can record the audio files through a phone set connected to the router or use audio record program on PC V VI I 1 1 5 5 9 9 1 1 S Sy ys st te em m P Pr ro om mp pt ts s This page displays the system prompt sta...

Page 292: ... the audio file s saved in FLASH of the router to your computer please choose the one you want from the drop down menu and click Back Up Upload System Prompt file is provided by router firmware To use such audio file you have to upload it to flash memory of the router after finishing firmware update Click the Browse button to browse and choose other audio files Click the Restore button to save the...

Page 293: ...er Available settings are explained as follows Item Description Download System Prompt G711 The audio file can be saved with IVR file format or WAV file format In general it will be saved in the router s memory after you record it To back up the audio file s saved in FLASH of the router to your computer please choose the one you want from the drop down menu and click Back Up Upload System Prompt f...

Page 294: ...this sub system Score High bound It means the satisfaction range high bound for example 9 the highest Score Low bound It means the satisfaction range low bound for example 1 the lowest Survey Prompt Select a user prompt This prompt will be played to the customer after the support staff hang up the phone The content of this prompt usually likes To enhance the service quality please enter one digit ...

Page 295: ...phone set Session Timer Check the box to enable the function In the limited time that you set in this field if there is no response the connecting call will be closed automatically T 38 Fax Function Check the box to enable T 38 fax function Error Correction Mode Choose a mode for error correction Prefer Codec Select one of five codecs as the default for your VoIP calls The codec used for each call...

Page 296: ... telecommunication custom for the local area of the router installed Wrong tone settings might cause inconvenience for users To set the sound pattern of the phone set simply choose a proper region to let the system find out the preset tone settings and caller ID type automatically Or you can adjust tone settings manually if you choose User Defined TOn1 TOff1 TOn2 and TOff2 mean the cadence of the ...

Page 297: ...nded for you to use the default setting Ring Frequency This setting is used to drive the frequency of the ring tone It is recommended for you to use the default setting Call Waiting Tone Power Level This setting is used to adjust the loudness of the call waiting tone The smaller the number is the louder the tone is It is recommended for you to use the default setting DTMF DTMF Mode There are four ...

Page 298: ...was 101 This setting is available for the OutBand RFC2833 mode Replace digit in caller ID to For international phone call the phone number could add a sign for example 8865972727 However the caller ID DTMF type especially can not display at all Therefore this function can be enabled to give another number to replace the plus sign for example can be replaced by 00 Then the above phone number will b...

Page 299: ...T 38 fax function Error Correction Mode Choose a mode for error correction Prefer Codec Select one of five codecs as the default for your VoIP calls The codec used for each call will be negotiated with the peer party before each session and so may not be your default choice The default codec is G 729A B it occupies little bandwidth while maintaining good voice quality If your upstream speed is onl...

Page 300: ...unction click off to close the function Allow to access these SIP Trunks FXO port is allowed to access into the SIP trunk s selected here After finishing all the settings here please click OK to save the configuration In addition you can press the Advanced button to configure tone settings volume gain and DTMF mode For the usage and explanation see VI 1 5 11 1 Detailed Settings for Phone Port Adva...

Page 301: ...a file 2 In Save As dialog the default filename is vigorpbx_SIPTrunk_Setting_201XXXXX for SIP Trunk or vigorpbx_Ext_Setting_201XXXXX for extension settings You could give it another name by yourself 3 Click Save button the configuration will download automatically to your computer as a file named vigorpbx_SIPTrunk_Setting_201XXXXX for SIP Trunk or vigorpbx_Ext_Setting_201XXXXX for extension settin...

Page 302: ... 1 6 6 1 1 C Ca al ll l D De et ta ai il l R Re ec co or rd ds s This page displays call records of IP PBX such as failed call successful call no answer call date of the call and the duration of each call and so on Such records can be exported as a file with file format csv and stored in the host Simply click Export ...

Page 303: ...te of the fax and the duration of each fax and so on Such records can be exported as a file with file format csv and stored in the host Simply click Export V VI I 1 1 6 6 3 3 E Ex xt te en ns si io on n M Mo on ni it to or r This page displays owner s name IP address status and peer number for each extension Click Refresh to reload the page whenever you want ...

Page 304: ...ark a call Steve can perform the following actions on IP Phone A 1 Press the transfer button on IP Phone A 2 Dial the call park number 777 3 Steve hears an announcement that Your parking number is XXXXX for example 22201 4 Hang Up Please take notice If there is no transfer button on your phone please try the button Or check the user guide of your hardware software IP phone to find the button for c...

Page 305: ...ki in ng g U Us sa ag ge e Call Parking is similar to Call Transfer But Call Transfer is a blind transfer Sometimes you are required to confirm if a person is available or not before transferring a call For example Mike is manager and Jane is his secretary When there is an incoming call Jane always parks the call After the announcement Jane hangs up and dials the extension of Mike and informs him ...

Page 306: ...erator You can customize the auto attendant to play greeting messages based on the time and day settings such as office hours after office hours weekends and holidays Info Please use latest Voice Prompt Utility from DrayTek please visit http www draytek com user SupportDLUtility php to record the prompts C Co on nf fi ig gu ur re e A Au ut to o A At tt te en nd da an nt t o on n V Vi ig go or rB B...

Page 307: ...any We are currently unavailable to take your call Our business hours are nine to six Monday through Friday If you want to leave a message please press 0 to leave a message for the receptionist If you want to get new product information please press 1 through 9 When you finish the record press Dial 1256 to hear the non office hours greeting Prompt 6 that you have recorded If you are not satisfied ...

Page 308: ...It is a hunt group If the hunt rule is set with Sequentially the extension 201 ring first then 202 205 203 and finally 204 rings one by one when someone calls 200 If the hunt rule is set with Simultaneously extensions 201 202 203 204 and 205 ring at the same time when someone calls 200 ...

Page 309: ...dant for Office hours and Non office hours for the SIP trunk In this example when you call 866669 iptel org during the office hours you will hear office hours greeting Prompt 5 during the non office hours you will hear the non office hours greeting Prompt 6 ...

Page 310: ...nuary 20 and February 15 Based on the above configuration the router will configure the settings for the non office hours automatically 6 Open Auto Attendant Wizard and configure the Office hours rule The rule is set as follows Key 1 for support department Press 1 for technical support Key 2 for sales department Press 2 for sales Key 3 for advertisement Press 3 to listen to new products introducti...

Page 311: ... Next to configure settings for Non office hours Key 0 is designated for Ring Extension and here it is set for receptionist For other keys we let the users to listen to new product introduction 8 Then click OK to finish the auto attendant wizard ...

Page 312: ...VigorBX 2000 Series User s Guide 300 Info If a caller dials the wrong extension number VigorBX 2000 will play the greeting once more to let he she dials the right extension again ...

Page 313: ...figuration 1 Prepare and insert a USB disk onto the USB port of VigorBX 2000 The USB disk is used for storing the FAX file with the file formate of TIF A FAX machine must be connected to VigorBX 2000 via Line 1 2 port 2 Login the web user interface of VigorBX 2000 3 Create the email server profile Open Object Settings SMS Mail Service Object and click an index number e g 1 4 In the following page ...

Page 314: ...s going to receive the incoming fax in the field of Extension Number Type an email address which is going to receive the incoming fax in the field of Email to e g the telephone exchange Check the box of Forward Fax file by Email Choose the SMTP Server e g 1 DrayTek in this case as the Email Server Check the box of Prefer WAN interface and choose WAN2 Info The extension number configured here must ...

Page 315: ...the people who might receive lots of FAX due to the work requirement Click an index number e g 1 8 In the web page type the extension number e g 6988 display name e g MKT_Carrie and the email address e g carrie draytek com Click OK to save the settings 9 The new phone extension profile has been created as below ...

Page 316: ...ward to It means a fax coming from CID Prefix will be forward to the e mail address for extension profile with number of 6988 defined in step 8 If backup is required for the received FAX simply choose Enable for Send backup Info If Send backup is configured with Enable open System Maintenance Syslog Mail Alert Setup to configure Mail Alert Setup The FAX except received by the receiver also will be...

Page 317: ...VigorBX 2000 Series User s Guide 305 The following figure shows all of the incoming fax stored in USB disk ...

Page 318: ...2000 will send the information of corresponding extension to the connected IP phone automatically Thus such VigorPhone 350 would be registered to VigorIPPBX successfully H Ho ow w t to o C Co on nf fi ig gu ur re e t th he e S Se et tt ti in ng gs s Suppose you have one VigorPhone 350 with the MAC address of 00 A8 59 C3 FA AE You want to connect the IP Phone to VigorBX 2000 by using Auto Provision...

Page 319: ...rBX 2000 Series User s Guide 307 After finished the settings connect the IP Phone to any LAN port of VigorBX 2000 Such IP Phone now has registered to the specified extension 501 on VigorBX 2000 successfully ...

Page 320: ...registered and usurped by hackers without limitations Some special SIP provider e g iptel supports on net and off net for PSTN Therefore each SIP trunk account can be configured with Time Budget Below shows related settings of Time Budget for SIP Trunk and PSTN Trunk respectively S SI IP P T Tr ru un nk k Open IP PBX Trunks SIP Trunk and click any index e g 1 to set the trunk profile Refer to the ...

Page 321: ...1 to set the trunk profile Refer to the above figure Such PSTN Trunk account can make the phone call conversation for 50 minutes everyday for the Time Budget is set with 50 When the conversation time is accumulated up to 50 minutes VigorBX 2000 will cut off the conversation immediately even if both sides on still on call ...

Page 322: ...Hu un nt t G Gr ro ou up p Labeling on Caller ID allow us to set different number display such as Caller Number Hunt Group Name or Group Number for the incoming call when the caller dials the hunt group extension number remotely Above shows a simple example Based on the figure we can configure the web page as the following 1 Open IP PBX PBX System and click the link of Hunt Group ...

Page 323: ... the extensions inside the Hunt Group will display 8201 Display Group Name When Jerry dials 100 Group Number of Sales through SIP Trunk the calling number display of all of the extensions inside the Hunt Group will display Sales Display Group Extension When Jerry dials 100 Group Number of Sales through SIP Trunk the calling number display of all of the extensions inside the Hunt Group will display...

Page 324: ...ales department They can be grouped within one hunt group represented by 200 in this case in VigorBX 2000 When someone dials 200 these three extensions will ring at the same time Here we will introduce how to configure the Hunt Group in VigorBX 2000 series 1 Open the web user interface of VigorBX 2000 Access into IPPBX PBX System Hunt Group 2 Click an index number link to create a new profile 3 Ty...

Page 325: ...rminate Time is up and no one answers the phone call will be hung up automatically Keep Ringing If no one answers the phone call will ring continuously till someone lifts it Forward To Group If no one answers the phone call will be forwarded to another hunt group Forward To Extension If no one answers in certain extension the phone call will be forwarded to another extension Voice Mail If no one a...

Page 326: ...o complete user s desire When there are several incoming calls to VigorBX 2000 after forwarding them to different hunt groups VigorBX 2000 will accept all the phone calls and queue them one by one Then VigorBX 2000 will arrange them according to the priority of each hunt group for picking up Such design can enhance the convenience for the users and make the phone call answering application more el...

Page 327: ... the limit of Max queue slots only the Hunt Group with Top Priority will stay in queue For example if you type 2 in this field only two calls in Hunt Group with High Priority can stay in queue If Max queue slots is set by 1 and Additional slots is set by 1 it means the maximum number of the incoming call waiting for picking up is just 1 The incoming call with Priority 2 will not be queue by VigorB...

Page 328: ...the call and the queue time out set with 60 seconds is up such call will be hung up Case 2 All the three extensions in Sales Department are on the phone then Joy dials to Sales Department from Trunk Such phone call will be queued by VigorBX 2000 immediately If Jonny ends the phone call conversation the incoming call from Joy will be picked up by Jonny Case 3 When Joy and Joseph dial to Sales and R...

Page 329: ...two hunt groups with high priority will be sent out Therefore the extensions of these two departments will ring again within 40 seconds If there are phone calls coming from other Hunt Group they will be queued by VigorBX 2000 automatically ...

Page 330: ...VigorBX 2000 Series User s Guide 318 This page is left blank ...

Page 331: ... a manner that emulates the properties of a point to point private link It is a form of VPN that can be used with a standard Web browser A digital certificate works as an electronic ID which is issued by a certification authority CA It contains information such as your name a serial number expiration dates etc and the digital signature of the certificate issuing authority so that a recipient can v...

Page 332: ...s and mobile VPN users Teleworkers or remote users will typically have a password to log into your office VPN Although this is quick and easy if the user saves the password on their PC writes it down somewhere or are seen typing it your VPN and therefore your network is immediately compromised A single password provides just a single layer of security only one fixed piece of information to crack i...

Page 333: ... want to log into your VPN you enter your PIN into the phone and it generates your one time password for that session In this way you need both your phone and your PIN to connect the VPN so it is now a two layer authentication method Only your own phone will work unless you pair another phone with the Vigor VPN server Next time you connect a different login password will be generated by your phone...

Page 334: ...for VPN dial out connection from server to client step by step 1 Open Wizards VPN Client Wizard The following page will appear Available settings are explained as follows Item Description LAN to LAN Client Mode Selection Choose the client mode Route Mode NAT Mode If the remote network only allows you to dial in with single IP please choose NAT mode otherwise please choose Route Mode Please choose ...

Page 335: ...types provided here Different type will lead to different configuration page After making the choices for the client profile please click Next You will see different configurations based on the selection s you made Info The following descriptions for VPN Type are based on the Route Mode specified in LAN to LAN Client Mode Selection When you choose PPTP None Encryption or PPTP Encryption you will s...

Page 336: ... Guide 324 When you choose IPsec you will see the following graphic When you choose L2TP you will see the following graphic When you choose L2TP over IPsec Nice to Have or L2TP over IPsec Must you will see the following graphic ...

Page 337: ...s setting is useful for dial out only WAN1 First WAN2 First WAN3 First WAN4 First While connecting the router will use WAN1 WAN2 WAN3 WAN4 as the first channel for VPN connection If WAN1 WAN2 WAN3 WAN4 fails the router will use another WAN interface instead WAN1 Only WAN2 Only WAN3 Only WAN4 Only While connecting the router will use WAN1 WAN2 WAN3 as the only channel for VPN connection WAN1 Only O...

Page 338: ...erwise the setting you choose here will not be effective IPsec Security Method Medium Authentication Header AH means data will be authenticated but not be encrypted By default this option is active High Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES User Name Thi...

Page 339: ... button to access VPN and Remote Access Connection Management for viewing VPN Connection status Do another VPN Server Wizard Setup Click this radio button to set another profile of VPN Server through VPN Server Wizard View more detailed configuration Click this radio button to access VPN and Remote Access LAN to LAN for viewing detailed configuration ...

Page 340: ...o Site VPN Remote Dial in User You can manage remote access by maintaining a table of remote user profile so that users can be authenticated to dial in via VPN connection Please choose a LAN to LAN Profile This item is available when you choose Site to Site VPN LAN to LAN as VPN server mode There are 32 VPN profiles for users to set Please choose a Dial in User Accounts This item is available when...

Page 341: ...Dial in User selected 2 After making the choices for the server profile please click Next You will see different configurations based on the selection you made Here we take the examples of choosing Site to Site VPN as the VPN Server Mode When you check PPTP you will see the following graphic When you check PPTP IPsec L2TP three types or PPTP IPsec two types or L2TP with Policy Nice to Have Must yo...

Page 342: ...scription Profile Name Type a name for such profile The length of the file is limited to 10 characters User Name This field is used to authenticate for connection when you select PPTP or L2TP with or without IPsec policy above The length of the name is limited to 11 characters Password This field is used to authenticate for connection when you ...

Page 343: ...ss or VPN client IP address for the remote client Peer ID Type the ID name for the remote client The length of the name is limited to 47 characters Remote Network IP Please type one LAN IP address according to the real location of the remote host for building VPN connection Remote Network Mask Please type the network mask according to the real location of the remote host for building VPN connectio...

Page 344: ... and Remote Access LAN to LAN for viewing detailed configuration V V 1 1 3 3 R Re em mo ot te e A Ac cc ce es ss s C Co on nt tr ro ol l Enable the necessary VPN service as you need If you intend to run a VPN server inside your LAN you should disable the VPN service of Vigor Router to allow VPN tunnel pass through as well as the appropriate NAT settings such as DMZ or open port After finishing all...

Page 345: ...ion MPPE Optional MPPE This option represents that the MPPE encryption method will be optionally employed in the router for the remote dial in user If the remote dial in user does not support the MPPE encryption algorithm the router will transmit no MPPE encrypted packets Otherwise the MPPE encryption scheme will be used to encrypt the data Require MPPE 40 128bits Selecting this option will force ...

Page 346: ...dress from the local private network For example if the local private network is 192 168 1 0 255 255 255 0 you could choose 192 168 1 200 as the Start IP Address You can configure up to four start IP addresses for LAN1 LAN6 PPP Authentication Methods Select the method s to be used for authentication in PPP connection PPTP LDAP Profile Configured LDAP profiles will be listed under such item Simply ...

Page 347: ... the data payload only It can just apply to local packet e g L2TP over IPsec The Tunnel mode will not only add the AH ESP payload but also use a new IP header Tunneled IP header to encapsulate the whole original IP packet Authentication Header AH provides data authentication and integrity for IP packets passed between VPN peers This is achieved by a keyed one way hash function to the packet to cre...

Page 348: ...Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES After finishing all the settings here please click OK to save the configuration V V 1 1 6 6 I IP Ps se ec c P Pe ee er r I Id de en nt ti it ty y To use digital certificate for peer authentication in either LAN to LA...

Page 349: ...ble this account Check it to enable such account profile Accept Any Peer ID Click to accept any peer regardless of its identity Accept Subject Alternative Name Click to check one specific field of digital signature to accept the peer with matching value The field can be IP Address Domain or E mail Address The box under the Type will appear according to the type you select and ask you to fill in co...

Page 350: ...ows the summary table Available settings are explained as follows Item Description Set to Factory Default Click to clear all indexes Index Click the number below Index to access into the setting page of Remote Dial in User User Display the username for the specific dial in user of the LAN to LAN profile The symbol represents that the profile is empty Active Check the box to activate such profile S...

Page 351: ...te dial in user to make an IPsec VPN connection through Internet L2TP with IPsec Policy Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPsec Select from below None Do not apply the IPsec policy Accordingly the VPN connection employed the L2TP without IPsec policy can be viewed as one pure L2TP connection Nice to Have Apply ...

Page 352: ... e g 1234 Secret Use the 32 digit secret number generated by mOTP in the mobile phone e g e759bb6f0e94c7ab4fe6 Subnet Chose one of the subnet selections for such VPN profile Assign Static IP Address Please type a static IP address for the subnet you specified IKE Authentication Method This group of fields is applicable for IPsec Tunnels and L2TP with IPsec Policy when you specify the IP address of...

Page 353: ...connection profiles You may set parameters including specified connection direction dial in or dial out connection peer ID connection type VPN connection including PPTP IPsec Tunnel and L2TP by itself or over IPsec and corresponding security methods etc The router supports up to 32 VPN tunnels simultaneously The following figure shows the summary table The following figure shows the summary table ...

Page 354: ...o LAN profile The symbol represents that the profile is empty Active V means the profile has been enabled X means the profile has not been enabled Status Indicate the status of individual profiles The symbol V and X represent the profile to be active and inactive respectively To edit each profile 1 Click each index to edit each profile and you will get the following page Each LAN to LAN profile in...

Page 355: ... the drop down menu to choose a proper WAN interface for this profile This setting is useful for dial out only WAN1 First WAN2 First WAN3 First WAN4 First While connecting the router will use WAN1 WAN2 WAN3 WAN4 as the first channel for VPN connection If WAN1 WAN2 WAN3 WAN4 fails the router will use another WAN interface instead WAN1 Only WAN2 Only WAN 3 Only WAN 4 Only While connecting the router...

Page 356: ...ill drop the connection Enable PING to keep alive This function is to help the router to determine the status of IPsec VPN connection especially useful in the case of abnormal VPN IPsec tunnel disruption For details please refer to the note below Check to enable the transmission of PING packets to a specified IP address Enable PING to keep alive is used to handle abnormal IPsec VPN connection disr...

Page 357: ...d for TCP IP protocol header compression Normally set to On to improve bandwidth utilization IKE Authentication Method This group of fields is applicable for IPsec Tunnels and L2TP with IPsec Policy Pre Shared Key Input 1 63 characters as pre shared key Digital Signature X 509 Select one predefined Profiles set in the VPN and Remote Access IPsec Peer Identity Peer ID Select one of the predefined P...

Page 358: ... nine for Main mode We suggest you select the combination that covers the most schemes IKE phase 2 proposal To propose the local available algorithms to the VPN peers and get its feedback to find a match Three combinations are available for both modes We suggest you select the combination that covers the most algorithms IKE phase 1 key lifetime For security reason the lifetime of key should be def...

Page 359: ...Psec Tunnel Allow the remote dial in user to trigger an IPsec VPN connection through Internet L2TP with IPsec Policy Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPsec Select from below None Do not apply the IPsec policy Accordingly the VPN connection employed the L2TP without IPsec policy can be viewed as one pure L2TP c...

Page 360: ...e set when you select IPsec tunnel either with or without specify the IP address of the remote node Pre Shared Key Check the box of Pre Shared Key to invoke this function and type in the required characters 1 63 as the pre shared key Digital Signature X 509 Check the box of Digital Signature to invoke this function and select one predefined Profiles set in the VPN and Remote Access IPsec Peer Iden...

Page 361: ... IP address is fixed by remote side specify the fixed IP address here Do not change the default value if you do not select PPTP or L2TP Remote Gateway IP This field is only applicable when you select PPTP or L2TP with or without IPsec policy above The default value is 0 0 0 0 which means the Vigor router will get a remote Gateway PPP IP address from the remote router during the IPCP negotiation ph...

Page 362: ...dress according to the settings configured here and block sessions which are not coming from the IP address defined in the Virtual IP Mapping list After checking the box of IPSec VPN with the Same subnet the options under TCP IP Network Settings will be changed as shown below Remote Network IP Remote Network Mask Add a static route to direct all traffic destined to this Remote Network IP Address R...

Page 363: ...two types for you to choose Whole Subnet Specific IP Address Virtual IP Mapping A pop up dialog will appear for you to specify the local IP address and the mapping virtual IP address 2 After finishing all the settings here please click OK to save the configuration ...

Page 364: ...tivated when initial connection of single VPN tunnel is off line Before setting VPN TRUNK VPN Backup mechanism backup profile please configure at least two sets of LAN to LAN profiles with fully configured dial out settings first otherwise you will not have selections for grouping Member1 and Member2 F Fe ea at tu ur re es s o of f V VP PN N T TR RU UN NK K V VP PN N L Lo oa ad d B Ba al la an nc ...

Page 365: ...K VPN Backup mechanism profile Member1 Display the dial out profile selected from the Member1 drop down list below Active Yes means normal condition No means the state might be disabled or that profile currently is set with Dial in mode for call direction in LAN to LAN Type Display the connection type for that profile such as IPsec PPTP L2TP L2TP over IPsec NICE L2TP over IPsec MUST and so on Memb...

Page 366: ...ofile Member1 Display the dial out profile selected from the Member1 drop down list below Active Yes means normal condition No means the state might be disabled or that profile currently is set with Dial in mode for call direction in LAN to LAN Type Display the connection type for that profile such as IPsec PPTP L2TP L2TP over IPsec NICE L2TP over IPsec MUST and so on Member2 Display the dial out ...

Page 367: ...he Status Enable or Disable profile name member1 or member2 Delete Click this button to delete the selected VPN TRUNK profile The corresponding members LAN to LAN profiles grouped in the deleted VPN TRUNK profile will be released and that profiles in LAN to LAN will be displayed in black T Ti im me e f fo or r a ac ct ti iv va at ti in ng g V VP PN N T TR RU UN NK K V VP PN N B Ba ac ck ku up p m ...

Page 368: ...e one of the LAN to LAN profiles from Member1 drop down list choose one of the LAN to LAN profiles from Member2 drop down list and click Add at last 4 Take a look for LAN to LAN profiles Index 1 is chosen as Member1 index 2 is chosen as Member2 For such reason LAN to LAN profiles of 1 and 2 will be expressed in red to indicate that they are fixed If you delete the VPN TRUNK VPN Backup Load Balance...

Page 369: ...rver 192 168 50 200 in the field of Peer GRE IP A Ad dv va an nc ce ed d L Lo oa ad d B Ba al la an nc ce e a an nd d B Ba ac ck ku up p After setting profiles for load balance you can choose any one of them and click Advance for more detailed configuration The windows for advanced load balance and backup are different Refer to the following explanation ...

Page 370: ...e It can be divided into Auto Weighted and According to Speed Ratio Auto Weighted can detect the device speed 10Mbps 100Mbps and switch with fixed value ratio 3 7 for packet transmission If the transmission rate for packets on both sides of the tunnels is the same the value of Auto Weighted should be 5 5 According to Speed Ratio allows user to adjust suitable rate manually There are 100 groups of ...

Page 371: ...binding tunnel table can be established UDP means when the source IP destination IP destination port and fragment conditions match with the settings specified here and UDP Service Port also fits the number here such binding tunnel table can be established TCP UPD means when the source IP destination IP destination port and fragment conditions match with the settings specified here and TCP UDP Serv...

Page 372: ...nding Des IP range Start and End Choose TCP UDP IGMP ICMP or Other as Binding Protocol A Ad dv va an nc ce ed d B Ba ac ck ku up p Available settings are explained as follows Item Description Profile Name List the backup profile name ERD Mode ERD means Environment Recovers Detection Normal choose this mode to make all dial out VPN TRUNK ...

Page 373: ...l VPN connections You may disconnect any VPN connection by clicking Drop button You may also aggressively Dial out by using Dial out Tool and clicking Dial button Available settings are explained as follows Item Description Dial out Tool General Mode This filed displays the profile configured in LAN to LAN with Index number and VPN Server IP address The VPN connection built by General Mode does no...

Page 374: ...es User s Guide 362 Dial Click this button to execute dial out function Refresh Seconds Choose the time for refresh the dial information among 5 10 and 30 Refresh Click this button to refresh the whole connection status ...

Page 375: ...t ti io on n o on n V Vi ig go or r R Ro ou ut te er r f fo or r H He ea ad d O Of ff fi ic ce e 1 Log into the web user interface of Vigor router 2 Open VPN and Remote Access LAN to LAN to create a LAN to LAN profile The following settings are for a permanent VPN connection 3 Click any index number to open the configuration page Type a name which is easy for identification for such profile in thi...

Page 376: ...N Server IP e g 218 242 130 19 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security method 5 Continue to navigate to the TCP IP Network Settings for setting the LAN IP for remote side 6 Click OK to save the settings 7 Open VPN and Remote Access Connection Management to check the dial in connection status from branch office ...

Page 377: ...ccess LAN to LAN to create a LAN to LAN profile The following settings are for a permanent VPN connection 3 Click any index number to open the configuration page Type a name which is easy for identification for such profile in this case type VPN Client and check the box of Enable This Profile For such Vigor router will be set as a client the call direction shall be set as Dial out Check the box of...

Page 378: ...l service and type the remote server IP host name e g 218 242 133 91 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security method 5 Continue to navigate to the TCP IP Network Settings for setting the LAN IP for the remote side 6 Click OK to save the settings ...

Page 379: ...VigorBX 2000 Series User s Guide 367 7 Open VPN and Remote Access Connection Management to check the dial in connection status from head office ...

Page 380: ... network is a form of VPN that can be used with a standard Web browser There are two benefits that SSL VPN provides It is not necessary for users to preinstall VPN client software for executing SSL VPN connection There are less restrictions for the data encrypted through SSL VPN in comparing with traditional VPN ...

Page 381: ...ect the HTTPS Port configuration set in System Maintenance Management In general the default setting is 443 Server Certificate When the client does not set any certificate default certificate will be used for HTTPS and SSL VPN server Choose any one of the user defined certificates from the drop down list if users set several certificates previously Otherwise choose Self signed to use the router s ...

Page 382: ...ve Display current status active or inactive of such profile Click number link under Index filed to set detailed configuration Available settings are explained as follows Item Description Name Type name of the profile The length of the name is limited to 15 characters URL Type the address function variation or IP address or path of the proxy server Host IP Address If you type function variation as...

Page 383: ...rivate port mapping to random WAN port There are two restrictions for proxy web server for such selection 1 it is only used for WAN to LAN access the web server must be configured behind vigor router 2 web server gateway must be indicated to vigor router In addition users must execute Connect manually in SSL Client Portal page SSL if you choose such selection web proxy over SSL will be applied for...

Page 384: ... explained as follows Item Description Name Display the application name of the profile that you create Host Address Display the IP address for VNC RDP or SMB path Service Display the type of the service selected e g VNC RDP SMB Active Display current status active or inactive of the selected profile To create a new SSL application profile 1 Click number link under Index filed to set detailed conf...

Page 385: ... you to access and control a remote PC through SMB service IP Address If you choose VNC or RDP you have to type the IP address for this protocol Port If you choose VNC or RDP you have to specify the port used for this protocol The default setting is 5900 Idle Timeout If you choose VNC you have to specify the time for disconnecting the SSL VPN tunnel Scaling If you choose VNC you have to choose the...

Page 386: ... guest network or web cafe The SSL technology is the same as the encryption that you use for secure web sites such as your online bank The SSL VPN can be operated in either full tunnel mode or proxy mode Now VigorBX 2000 series allows up to 16 simultaneous incoming users For SSL VPN identity authentication and power management are implemented through deploying user accounts Therefore the user acco...

Page 387: ... characters Password This field is applicable when you select PPTP or L2TP with or without IPsec policy above The length of the name password is limited to 19 characters Enable Mobile One Time Passwords mOTP Check this box to make the authentication with mOTP function PIN Code Type the code for authentication e g 1234 Secret Use the 32 digit secret number generated by mOTP in the mobile phone e g ...

Page 388: ...ng Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through the router Block This is default setting Click this button to let multica...

Page 389: ...d ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES Local ID Specify a local ID to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can be used only in IKE aggressive mode After finishing all the settings here please click OK to save the configuration ...

Page 390: ...h profiles will be used by applications such as User Management VPN and etc Each item is explained as follows Item Description Set to Factory Default Click to clear all indexes Index Display the number of the client which connecting to FTP server Name Display the name of the group profile Click any index number link to open the following page for detailed configuration ...

Page 391: ...ess Remote Dial In User The enabled profiles will be listed in the Available User Account on the left box To add a profile into a group simply choose the one from the left box and click the button It will be displayed in the Selected User Account on the right box For detailed information about configuring the profile setting refer to Objects Setting IP Group RADIUS The RADIUS server will do the au...

Page 392: ...cess into DrayTek SSL VPN portal interface Next users can open SSL VPN Online Status to view logging status of SSL VPN Available settings are explained as follows Item Description Active User Display current user who visits SSL VPN server Host IP Display the IP address for the host Time out Display the time remaining for logging out Action You can click Drop to drop certain login user from the rou...

Page 393: ...igor router support digital certificates conforming to standard X 509 Any entity wants to utilize digital certificates should first request a certificate issued by a CA server It should also retrieve certificates of other trusted CA servers so it can authenticate the peer with certificates issued by those trusted CA servers Here you can manage generate and manage the local digital certificates and...

Page 394: ...o import a saved file as the certification information Refresh Click this button to refresh the information listed below View Click this button to view the detailed settings for certificate request Delete Click this button to delete selected name with certification information G GE EN NE ER RA AT TE E Click this button to open Generate Certificate Signing Request window Type in all the information...

Page 395: ...RT T Vigor router allows you to generate a certificate request and submit it the CA server then import it as Local Certificate If you have already gotten a certificate from a third party you may import it directly The supported types are PKCS12 Certificate and Certificate with a private key Click this button to import a saved file as the certification information There are three types of local cer...

Page 396: ...own as OK Upload PKCS12 Certificate It allows users to import the certificate whose extensions are usually pfx or p12 And these certificates usually need passwords Note PKCS12 is a standard for storing private keys and certificates securely It is used in among other things Netscape and Microsoft Internet Explorer with their import and export options Upload Certificate and Private Key It is useful ...

Page 397: ...ettings for certificate request Info You have to copy the certificate request information from above window Next access your CA server and enter the page of certificate request copy the information into it and submit a request A new certificate will be issued to you by the CA server You can save it D De el le et te e Click this button to remove the selected certificate ...

Page 398: ...ate from a trusted root certificate authority is complicated and time consuming Therefore Vigor router offers a mechanism which allows you to generate root CA to save time and provide convenience for general user Later such root CA generated by DrayTek server can perform the issuing of local certificate Info Root CA can be deleted but not edited If you want to modify the settings for a Root CA ple...

Page 399: ...n the following window Use Browse to find out the saved text file Then click Import The one you imported will be listed on the Trusted CA Certificate window For viewing each trusted CA certificate click View to open the certificate detail information window If you want to delete a CA certificate choose the one and click Delete to remove all the certificate information ...

Page 400: ...tificate for this router can be saved within one file Please click Backup on the following screen to save them If you want to set encryption password for these certificates please type characters in both fields of Encrypt password and Confirm password Also you can use Restore to retrieve these two settings to the router whenever you want ...

Page 401: ...urity has been always the most concerned The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders It also restricts users in the local network from accessing the Internet CSM is an abbreviation of Central Security Management which is used to control IM P2P usage filter the web content and URL content to reach a goal of security management ...

Page 402: ...enies unsolicited incoming data Selectable Denial of Service DoS Distributed DoS DDoS attacks protection I IP P F Fi il lt te er rs s Depending on whether there is an existing Internet connection or in other words the WAN link status is up or down the IP filter architecture categorizes traffic into two Call Filter and Data Filter Call Filter When there is no existing Internet connection Call Filte...

Page 403: ... exhaust all your system s resource while the vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the protocol or operation system The DoS Defense function enables the Vigor router to inspect every incoming packet based on the attack signature database Any malicious packet that might duplicate itself to paralyze the host in the secure LAN will be strictly bloc...

Page 404: ...our filter set can be linked to work in a serial manner So here you assign the Start Filter Set only Also you can configure the Log Flag settings Apply IP filter to VPN incoming packets and Accept incoming fragmented UDP packets Click Firewall and click General Setup to open the general setup page G Ge en ne er ra al l S Se et tu up p P Pa ag ge e Such page allows you to enable disable Call Filter...

Page 405: ...he sake of security the router will execute strict security checking for data transmission Such feature is enabled in default All the packets while transmitting through Vigor router will be filtered by firewall If the firewall system e g content filter server does not make any response pass or block for these packets then the router s firewall will block the packets directly Block routing packet f...

Page 406: ...m Description Filter Select Pass or Block for the packets that do not match with the filter rules Sessions Control The number typed here is the total sessions of the packets that do not match the filter rule configured in this page The default setting is 60000 Quality of Service Choose one of the QoS rules to be applied as firewall rule For detailed information of setting QoS please refer to the r...

Page 407: ...t one profile for choosing in CSM URL Content Filter web page first Or choose Create New from the drop down list in this page to create a new profile For troubleshooting needs you can specify to record information for URL Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Web Content Filter Select one of t...

Page 408: ...sed Please use the drop down list to choose a codepage If you do not have any idea of choosing suitable codepage please open Syslog From Codepage Information of Setup dialog you will see the recommended codepage listed on the dialog box Window size It determines the size of TCP protocol 0 65535 The more the value is the better the performance will be However if the network is not stable small valu...

Page 409: ...lows Item Description Filter Rule Click a button numbered 1 7 to edit the filter rule Click the button will open Edit Filter Rule web page For the detailed information refer to the following page Active Enable or disable the filter rule Comment Enter filter set comments description Maximum length is 23 character long Move Up Down Use Up or Down link to move the order of the filter rules Next Filte...

Page 410: ...ou may choose up to 4 schedules out of the 15 schedules pre defined in Applications Schedule setup The default setting of this field is blank and the function will always work Clear sessions when schedule ON Check this box to clear the sessions when the above schedule profiles are applied Direction Set the direction of packet flow It is for Data Filter only For the Call Filter this setting is not ...

Page 411: ... defined groups or objects please choose Group and Objects as the Address Type From the IP Group drop down list choose the one that you want to apply Or use the IP Object drop down list to choose the object that you want Service Type Click Edit to access into the following dialog to choose a suitable service type To set the service type manually please choose User defined as the Service Type and t...

Page 412: ...ort to contain a complete header Filter Specifies the action to be taken when packets match the rule Block Immediately Packets matching the rule will be dropped immediately Pass Immediately Packets matching the rule will be passed immediately Block If No Further Match A packet matching the rule and that does not match further rules will be dropped Pass If No Further Match A packet matching the rul...

Page 413: ...profile settings created in CSM URL Content Filter for applying with this router Please set at least one profile for choosing in CSM URL Content Filter web page first Or choose Create New from the drop down list in this page to create a new profile For troubleshooting needs you can specify to record information for URL Content Filter by checking the Log box It will be sent to Syslog server Please ...

Page 414: ...oose a codepage If you do not have any idea of choosing suitable codepage please open Syslog From Codepage Information of Setup dialog you will see the recommended codepage listed on the dialog box Window size It determines the size of TCP protocol 0 65535 The more the value is the better the performance will be However if the network is not stable small value will be proper Session timeout Settin...

Page 415: ... Checking is not enabled then the packets will pass through the router E Ex xa am mp pl le e As stated before all the traffic will be separated and arbitrated using on of two IP filters call filter or data filter You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner Each filter set is composed by 7 filter rules which can be further defined After that...

Page 416: ...xceeded the defined value the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Timeout The goal for this is prevent the TCP SYN packets attempt to exhaust the limited resource of Vigor router By default the threshold and timeout values are set to 2000 packets per second and 10 seconds respectively That means when 2000 packets per second received th...

Page 417: ...der The reason for limitation is IP option appears to be a vulnerability of the security for the LAN because it will carry significant information such as security TCC closed user group parameters a series of Internet addresses routing messages etc An eavesdropper outside might learn the details of your private networks Block Land Check the box to enforce the Vigor router to defense the Land attac...

Page 418: ...is attacking activity Block ICMP Fragment Check the box to activate the Block ICMP fragment function Any ICMP packets with more fragment bit set are dropped Block Unassigned Numbers Check the box to activate the Block Unknown Protocol function Individual IP packet has a protocol field in the datagram header to indicate the protocol type running over the upper layer However the protocol types great...

Page 419: ...VigorBX 2000 Series User s Guide 407 ...

Page 420: ...68 1 10 192 168 1 20 accessing to Internet through Vigor router Others e g 192 168 1 31 and 192 168 1 32 outside the range can get the source from LAN only The way we can use is to set two rules under Firewall For Rule 1 of Set 2 under Firewall Filter Setup is used as the default setting we have to create a new rule starting from Filter Rule 2 of Set 2 1 Access into the web user interface of Vigor...

Page 421: ...o Filter Rule 7 If Block If No Further Match for is selected for Filter the firewall of the router would check the packets with the rules starting from Rule 3 to Rule 7 The packets not matching with the rules will be processed according to Rule 2 4 Next set another rule Just open Firewall Filter Setup Click the Set 2 link and choose the Filter Rule 3 button 5 Check the box of Check to enable the F...

Page 422: ...ist Type 192 168 1 10 in the field of Start IP and type 192 168 1 20 in the field of End IP Then click OK to save the settings The computers within the range can access into the Internet 7 Now check the content of Source IP is correct or not The action for Filter shall be set with Pass Immediately Then click OK to save the settings ...

Page 423: ...00 Series User s Guide 411 8 Both filter rules have been created Click OK Now all the settings are configured well Only the computers with the IP addresses within 192 168 1 10 192 168 1 20 can access to Internet ...

Page 424: ... checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other ...

Page 425: ...ile will be applied in Default Rule of Firewall General Setup for filtering Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Profile Display the number of the profile which allows you to click to set different policy Name Display the name of the APP Enforcement Profile Click the number under Index column for settings in detail There are four ta...

Page 426: ...t is 15 characters Select All Click it to choose all of the items in this page Clear All Uncheck all the selected boxes Enable Check the box to select the APP to be blocked by Vigor router Adv A button under Enable check box allows you to open a pop up window to specify activity for that APP The profiles configured here can be applied in the Firewall General Setup and Firewall Filter Setup pages a...

Page 427: ...VigorBX 2000 Series User s Guide 415 Below shows the items which are categorized under Protocol The items categorized under P2P ...

Page 428: ...VigorBX 2000 Series User s Guide 416 The items categorized under OTHERS ...

Page 429: ...gs are explained as follows Item Description Upgrade Setting APPE Module Version Display current version status of APPE signature New version from the Internet Download button is available only when Vigor router detects new APPE version After clicking it a dialog will appear with information added to such new version Click OK to exit the dialog and start the signature upgrade Upgrade via interface...

Page 430: ...ted only environment hence to increase the employee work efficiency How can URL Content Filter work better than traditional firewall in the field of filtering Because it checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally d...

Page 431: ... URL Content Filter Profile Administration Message You can type the message manually for your necessity Default Message You can type the message manually for your necessity or click this button to get the default message which will be displayed on the field of Administration Message You can set eight profiles as URL content filter Simply click the index number under Profile to open the following w...

Page 432: ...feature second Either Web Feature First When all the packages matching with the conditions specified in URL Access Control and Web Feature below such function can determine the priority for the actions executed For this one the router will process the packages with the conditions set below for web feature first then URL second Log None There is no log file will be recorded for this profile Pass On...

Page 433: ...al length of each frame is 32 character long After specifying keywords the Vigor router will decline the connection request to the website whose URL string matched to any user defined keyword It should be noticed that the more simplified the blocking keyword list is the more efficiently the Vigor router performs Web Feature Enable Restrict Web Feature Check this box to make the keyword being block...

Page 434: ...myvigor draytek com for using corresponding service Please refer to section of creating MyVigor account WCF adopts the mechanism developed and offered by certain service provider e g DrayTek No matter activating WCF feature or getting a new license for web content filter you have to click Activate to satisfy your request Be aware that service provider matching with Vigor router currently offers a ...

Page 435: ...b content filter profile Setup Test Server It is recommended for you to use the default setting auto selected Find more Click it to open http myvigor draytek com for searching another qualified and suitable server Test a site to verify whether it is categorized Click this link to do the verification Set to Factory Default Click this link to retrieve the factory settings Default Message You can typ...

Page 436: ...outer When the user tries to access the same destination ID the router will check it by comparing the record stored If it matches the page will be retrieved quickly Such item can provide URL matching with the fastest rate L1 L2 Cache the router will check the URL with fast processing rate combining the feature of L1 and L2 Eight profiles are provided here as Web content filters Simply click the in...

Page 437: ...bpage with the characters listed on Group Object Selections If the web pages do not match with the specified feature set here they will be processed with the categories listed on the box below Action Pass allow accessing into the corresponding webpage with the categories listed on the box below Block restrict accessing into the corresponding webpage with the categories listed on the box below If t...

Page 438: ...applied to DNS query from clients on LAN However if the external DNS server is used DNS Filter Profile will be applied to DNS query coming from clients on LAN Info For DNS filter must use the WCF service profile to filter the packets therefore WCF license must be activated first Otherwise DNS filter does not have any effect on packets Available settings are explained as follows Item Description DN...

Page 439: ...lock Only the log about Block will be recorded in Syslog All All the actions Pass and Block will be recorded in Syslog Service WCF Set the filtering conditions Service UCF Set the filtering conditions Cache Time hour Set the time for DNS query Enable Block Page If such function is enabled when DNS packets are blocked by DNS filter a web page containing the description listed on Administration Mess...

Page 440: ...s several useful services such as Anti Spam Web Content Filter Anti Intrusion and etc to filtering the web pages for the sake of protecting your system To access into MyVigor for getting more information please create an account for MyVigor C Cr re ea at te e a an n A Ac cc co ou un nt t v vi ia a V Vi ig go or r R Ro ou ut te er r 1 Click CSM Web Content Filter Profile The following page will app...

Page 441: ...eries User s Guide 429 2 Click the Activate link A login page for MyVigor web site will pop up automatically 3 Click the link of Create an account now 4 Check to confirm that you accept the Agreement and click Accept ...

Page 442: ...VigorBX 2000 Series User s Guide 430 5 Type your personal information in this page and then click Continue 6 Choose proper selection for your computer and click Continue ...

Page 443: ...START 8 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com 9 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login ...

Page 444: ...word 11 Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want C Cr re ea at te e a an n A Ac cc co ou un nt t v vi ia a M My yV Vi ig go or r W We eb b S Si it te e 1 Access into http myvigor draytek com Find the line of Not registered yet Then click the link Click here to access into next page ...

Page 445: ...o confirm that you accept the Agreement and click Accept 3 Type your personal information in this page and then click Continue 4 Choose proper selection for your computer and click Continue 5 Now you have created an account successfully Click START ...

Page 446: ...irmation email with the title of New Account Confirmation Letter from myvigor draytek com 7 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login ...

Page 447: ...nd password that you just created in the fields of UserName and Password Then type the code in the box of Auth Code according to the value displayed on the right side of it Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want ...

Page 448: ...l lt te er r There are two ways to block the facebook service Web Content Filter and URL Content Filter Web Content Filter Benefits Easily and quickly implement the category website that you want to block Note License is required URL Content Filter Benefits Free flexible for customize webpage Note Manual setting e g one keyword for one website I I V Vi ia a W We eb b C Co on nt te en nt t F Fi il ...

Page 449: ...VigorBX 2000 Series User s Guide 437 2 Open CSM Web Content Filter Profile to create a WCF profile Check Social Networking with Action Block 3 Enable this profile in Firewall General Setup Default Rule ...

Page 450: ... URL Content Filter A Block the web page containing the word of Facebook 1 Open Object Settings Keyword Object Click an index number to open the setting page 2 In the field of Contents please type facebook Configure the settings as the following figure 3 Open CSM URL Content Filter Profile Click an index number to open the setting page 4 Configure the settings as the following figure ...

Page 451: ...nished the above steps click OK Then open Firewall General Setup 6 Click the Default Rule tab Choose the profile just configured from the drop down list in the field of URL Content Filter Now users cannot open any web page with the word facebook inside ...

Page 452: ...umber to open the setting page 2 In the field of Contents please type apps facebook Configure the settings as the following figure 3 Open CSM URL Content Filter Profile Click an index number to open the setting page 4 Configure the settings as the following figure 5 When you finished the above steps please open Firewall General Setup ...

Page 453: ...0 Series User s Guide 441 6 Click the Default Rule tab Choose the profile just configured from the drop down list in the field of URL Content Filter Now users cannot open any web page with the word facebook inside ...

Page 454: ...VigorBX 2000 Series User s Guide 442 This page is left blank ...

Page 455: ...eeting Configuration Backup Syslog Mail Alert Time and Date Management Reboot System Firmware Upgrade and Activation It is used to control the bandwith of data transmission through configuration of Sessions Limit Bandwidth Limit and Quality of Servie QoS It is a security feature which disallows any IP traffic except DHCP related packets from a particular host until that host has correctly supplied...

Page 456: ...em setup there are several items that you have to know the way of configuration System Status TR 069 Administrator Password User Password Login Page Greeting Configuration Backup Syslog Mail Alert Time and Date Management Reboot System Firmware Upgrade and Activation Below shows the menu items for System Maintenance ...

Page 457: ...lated information from this presentation Available settings are explained as follows Item Description Model Name Display the model name of the router Firmware Version Display the firmware version of the router Build Date Time Display the date and time of the current firmware build LAN MAC Address Display the MAC address of the LAN Interface IP Address Display the IP address of the LAN interface Su...

Page 458: ...splay the connection type IP Address Display the IP address of the WAN interface Default Gateway Display the assigned IP address of the default gateway IPv6 Address Display the IPv6 address for LAN Scope Display the scope of IPv6 address For example IPv6 Link Local could only be used for direct IPv6 link It can t be used for IPv6 internet Internet Access Mode Display the connection mode chosen for...

Page 459: ...d according to the ACS Auto Configuration Server you want to link Please refer to Auto Configuration Server user s manual for detailed information Test With Inform Click it to send a message based on the event code selection to test if such CPE is able to communicate with VigorACS SI server Event Code Use the drop down menu to specify an event to perform the test Last Inform Response Time Display ...

Page 460: ...nable please type the relational settings listed below Server IP Type the IP address of the STUN server Server Port Type the port number of the STUN server Minimum Keep Alive Period If STUN is enabled the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway Please type a number as the minimum period The default setting is 60 seconds Maximum Keep Ali...

Page 461: ...assword in this field The length of the password is limited to 23 characters Confirm Password Type in the new password again Administrator Local User The administrator can login web user interface of Vigor router to modify all of the settings to fit the requirements This feature allows other user in LAN who can access into the web user interface with the same privilege of the administrator Local U...

Page 462: ...m Wan The default setting is enabled It can ensure any user accessing into web user interface of Vigor router through Internet by username password of admin admin Administrator LDAP Setting Enable LDAP AD login for Admin users If it is enabled any user can access into the web user interface of Vigor router through the LDAP server authentication Enable Admin Login From Wan The default setting is en...

Page 463: ... interface accessed by using the administrator password Password Type in new password in this field The length of the password is limited to 31 characters Confirm Password Type in the new password again Set to Factory Default Click to return to the factory default setting When you click OK the login window will appear Please use the new password to access into the web user interface again Below sh...

Page 464: ...owing screen will appear Simply click OK 4 Log out Vigor router web user interface by clicking the Logout button 5 The following window will be open to ask for username and password Type the new user password in the filed of Password and click Login ...

Page 465: ...n with User Mode will be shown as follows Settings to be configured in User Mode will be less than settings in Admin Mode Only basic configuration settings will be available in User Mode Info Setting in User Mode can be configured as same as in Admin Mode ...

Page 466: ...lows Item Description Enable Check this box to enable the login customization function Login Page Title Type a brief description e g Welcome to DrayTek which will be shown on the heading of the login dialog Welcome Message and Bulletin Type words or sentences here It will be displayed for bulletin message In addition it can be displayed on the login dialog at the bottom Note that do not type URL r...

Page 467: ...VigorBX 2000 Series User s Guide 455 ...

Page 468: ...a file to be restored Do not restore password from the configuration file If the password settings shall not be restored and applied to VigorBX 2000 simply check this box to get rid of password settings Click Restore to restore the configuration If the file is encrypted the system will ask you to type the password to decrypt the configuration file Backup Click it to perform the configuration backu...

Page 469: ...n file of Vigor2820 Vigor2830 Vigor2850 is accepted for VigorBX 2000 This field displays model name s and firmware which web configuration file saved can be used by such router 2 Click Backup button to get into the following dialog Click Save button to open another dialog for saving configuration as a file 3 In Save As dialog the default filename is config cfg You could give it another name by you...

Page 470: ...tly The Configuration Backup does not include information of Certificate R Re es st to or re e C Co on nf fi ig gu ur ra at ti io on n 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown below 2 Click Choose File button to choose the correct configuration file for uploading to the router 3 Click Restore button and wait for few seconds the following pict...

Page 471: ...isplay the name for such router configured in System Maintenance Management If there is no name here simply lick the link to access into System Maintenance Management to set the router name Server IP Address The IP address of the Syslog server Destination Port Assign a port for the Syslog protocol Mail Syslog Check the box to recode the mail event on Syslog Enable syslog message Check the box list...

Page 472: ...ide Use SSL Check this box to use port 465 for SMTP server for some e mail server uses https as the transmission method Authentication Check this box to activate this function while using e mail application User Name Type the user name for authentication Password Type the password for authentication Enable E mail Alert Check the box to send alert message to the e mail box while the router detectin...

Page 473: ... 461 3 From the Syslog screen select the router you want to monitor Be reminded that in Network Information select the network adapter used to connect to the router Otherwise you won t succeed in retrieving information from the router ...

Page 474: ...e Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Server Type the web site of the time server Priority Choose Auto or IPv6 First as the priority Time Zone Select the time zone where the router is located Enable Daylight Saving Check the box to enable the daylight saving Such feature is available for certain area Advanced Click it t...

Page 475: ...t MD5 and SHA for the management needs Available settings are explained as follows Item Description Enable SNMP Agent Check it to enable this function Get Community Set the name for getting community by typing a proper character The default setting is public The maximum length of the text is limited to 23 characters Set Community Set community by typing a proper name The default setting is private...

Page 476: ...IPv6 Set the IPv6 address of the host that will receive the trap community Trap Timeout The default setting is 10 seconds Enable SNMPV3 Agent Check it to enable this function USM User USM means user based security mode Type a username which will be used for authentication The maximum length of the text is limited to 23 characters Auth Algorithm Choose one of the encryption methods listed below as ...

Page 477: ...etup CVM Access Control and Device Management The management pages for IPv4 and IPv6 protocols are different F Fo or r I IP Pv v4 4 Available settings are explained as follows Item Description Router Name Type in the router name provided by ISP Default Disable Auto Logout If it is enabled the function of auto logout for web user interface will be disabled The web user interface will be open until ...

Page 478: ... Check to specify user defined port numbers for the Telnet HTTP HTTPS FTP TR 069 and SSH servers Default Ports Check to use standard port numbers for the Telnet and HTTP servers TLS SSL Encryption Setup Enable SSL 3 0 Check the box to enable the function of SSL 3 0 if required Due to security consideration the built in HTTPS and SSL VPN server of the router had upgraded to TLS1 x protocol If you a...

Page 479: ...nternet Check the box es to specify Enable PING from the Internet Check the checkbox to enable all PING packets from the Internet For security issue this function is disabled by default Access List You could specify that the system administrator can only login from a specific host or network defined in the list A maximum of three IPs subnet masks is allowed List index in IPv6 Object Type the index...

Page 480: ...N interface There are several servers provided by the system which allow you to manage the router from LAN interface Check the box es to specify Apply To Subnet Check the LAN interface for the administrator to use for accessing into web user interface of Vigor router Index in IP Object Type the index number of the IP object profile Related IP address will appear automatically After finished the ab...

Page 481: ...Schedule web page and you can use the number that you have set in that web page If you want to reboot the router using the current configuration check Using current configuration and click Reboot Now To reset the router settings to default values check Using factory default configuration and click Reboot Now The router will take 5 seconds to reboot the system Info When the system pops up Reboot Sy...

Page 482: ...yTek s web site and FTP site is ftp DrayTek com Click System Maintenance Firmware Upgrade to launch the Firmware Upgrade Utility Choose the right firmware by clicking Select Then click Upgrade The system will upgrade the firmware of the router automatically Click OK The following screen will appear Please execute the firmware upgrade utility first For the detailed information about firmware update...

Page 483: ...ation After you have finished the setting profiles for WCF refer to Web Content Filter Profile it is the time to activate the mechanism for your computer Click System Maintenance Activation to open the following page for accessing http myvigor draytek com Available settings are explained as follows Item Description Activate via Interface Choose WAN interface used by such device for activating Web ...

Page 484: ...VigorBX 2000 Series User s Guide 472 Below shows the successful activation of Web Content Filter ...

Page 485: ...s required and sufficient bandwidth to meet performance expectations is indeed one important aspect of modern enterprise network One reason for QoS is that numerous TCP based applications tend to continually increase their transmission rate and consume all available bandwidth which is called TCP slow start If other applications are not protected by QoS it will detract much from their performance i...

Page 486: ...ervice License Agreement SLA with other DS domain owners to define the service level provided toward traffic from different domains Then each DS node in these domains will perform the priority treatment This is called per hop behavior PHB The definition of PHB includes Expedited Forwarding EF Assured Forwarding AF and Best Effort BE AF defines the four classes of delivery or forwarding classes and...

Page 487: ...Management menu click Sessions Limit to open the web page To activate the function of limit session simply click Enable and set the default session limit Available settings are explained as follows Item Description Session Limit Enable Click this button to activate the function of limit session Disable Click this button to close the function of limit session Default session limit Defines the defau...

Page 488: ...ach index Add Adds the specific session limitation onto the list above Edit Allows you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Administration Message Type the words which will be displayed when reaches the maximum number of Internet sessions permitted Default Message Click this button to apply the default message offered ...

Page 489: ...k this button to activate the function of limit bandwidth IP Routed Subnet Check this box to apply the bandwidth limit to the second subnet specified in LAN General Setup Disable Click this button to close the function of limit bandwidth Default TX limit Define the default speed of the upstream for each computer in LAN Default RX limit Define the default speed of the downstream for each computer i...

Page 490: ...eed for the specific limitation you set for each index Add Add the specific speed limitation onto the list above Edit Allow you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Smart Bandwidth Limit Check this box to have the bandwidth limit determined by the system automatically TX limit Define the limitation for the speed of the...

Page 491: ...tion that such function will influence Class 1 Class2 Class 3 Others Display the bandwidth percentage for each class UDP Bandwidth Control Display the UDP bandwidth control is enabled or not Online Statistics Display an online statistics for quality of service for your reference Setup Allow to configure general QoS setting for WAN interface Class Rule Index Display the class number that you can ed...

Page 492: ... interface As to class rule simply click the Edit link to access into next for configuration You can configure general setup for the WAN interface edit the Class Rule and edit the Service Type for the Class Rule for your request O On nl li in ne e S St ta at ti is st ti ic cs s Display an online statistics for quality of service for your reference This feature is available only when the Quality of...

Page 493: ...lick Setup link again You will see the Online Statistics link appearing on this page WAN Inbound Bandwidth It allows you to set the connecting rate of data input for WAN2 WAN3 For example if your ADSL supports 1M of downstream and 256K upstream please set 1000kbps for this box The default value is 10000kbps WAN Outbound Bandwidth It allows you to set the connecting rate of data output for WAN2 WAN...

Page 494: ... bandwidth to ensure correct calculation of QoS It is suggested to set the bandwidth value for inbound outbound as 80 85 of physical network speed provided by ISP to maximize the QoS performance E Ed di it t t th he e C Cl la as ss s R Ru ul le e f fo or r Q Qo oS S 1 The first three Class 1 to Class 3 class rules can be adjusted for your necessity To add edit or delete the class rule please click...

Page 495: ...l in Start IP address For Range Address you have to fill in Start IP address and End IP address For Subnet Address you have to fill in Start IP address and Subnet Mask DiffServ CodePoint All the packets of data will be divided with different levels and will be processed according to the level type by the system Please assign one of the levels of the data for processing with QoS control Service Typ...

Page 496: ...ton of that one and click Edit to open the rule edit page for modification E Ed di it t t th he e S Se er rv vi ic ce e T Ty yp pe e f fo or r C Cl la as ss s R Ru ul le e 1 To add a new service type edit or delete an existed service type please click the Edit link under Service Type field 2 After you click the Edit link you will see the following page ...

Page 497: ... After finishing all the settings here please click OK to save the configuration By the way you can set up to 10 service types If you want to edit delete an existed service type please select the radio button of that one and click Edit Edit for modification R Re et ta ag g t th he e P Pa ac ck ke et ts s f fo or r I Id de en nt ti if fi ic ca at ti io on n Packets coming from LAN IP can be retagge...

Page 498: ... helps you to well allocate the bandwidth upon your demand of Voice Video or Data transferring Let s see how to get the optimum bandwidth per your request by using DrayTek Vigor router as below Scenario The Internet connection you got from ISP line is 2MB 512Kb There are VoIP telephony network IPTV set top box and data server at your home Assume you want to allocate 30 of the bandwidth you got to ...

Page 499: ...Click Edit to specify the local address 5 In the pop up window choose Range Address as the Address Type and type the start IP address and end IP address in relational fields Click OK to save the settings and exit the window 6 Click OK again to save the settings ...

Page 500: ...BX 2000 Series User s Guide 488 7 The class rule for VoIP has been set Click OK to return to previous page 8 Do the same steps to add class rules for IPTV and Data Email with IP addresses as shown below and ...

Page 501: ...he bandwidth for different groups among VoIP IPTV and Data Email 10 In the Setup page check the box of Enable the QoS Control Type 30 50 and 15 in the boxes for VoIP IPTV and Data Email respectively Check the box of Enable UDP Bandwidth Control 11 Click OK to save the settings The class rules for WAN1 are defined as shown below ...

Page 502: ... Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or V PN to check email and access internal database Meanwhile children may chat on Skype in the restroom 1 Go to Bandwidth Management Quality of Service 2 Click Setup link of WAN 1 2 3 Make sure the QoS Control on the left corner is checked And select BOTH in Direction 3 Set Inbound Outbound bandwidt...

Page 503: ...aximize the QoS performance 4 Return to previous page Enter the Name of Index Class 1 by clicking Edit link Type the name E mail for Class 1 Click OK to save the settings 5 Click the Setup link for WAN2 The user can set reserved bandwidth e g 25 for E mail using protocol POP3 and SMTP Click OK to save the settings 6 Return to previous page Enter the Name of Index Class 2 by clicking Edit link In t...

Page 504: ...le UDP Bandwidth Control on the bottom to prevent enormous UDP traffic influence other application Click OK 9 If the worker has connected to the headquarter using host to host VPN tunnel Please refer to Chapter 3 VPN for detail instruction he may set up an index for it Enter the ...

Page 505: ...me of Index 3 In this index he will set reserved bandwidth for 1 VPN tunnel 10 Click Edit for Class 3 to open a new window In this index the user will set reserved bandwidth for VPN 11 Click Add to open the following window Check the ACT box first ...

Page 506: ...VigorBX 2000 Series User s Guide 494 12 Then click Edit of Local Address to set a worker s subnet address Click Edit of Remote Address to set headquarter s IP address Leave other fields and click OK ...

Page 507: ... user account Network administrator can give different firewall policies or rules for different hosts with different User Management accounts This is more flexible and convenient for network management Not only offering the basic checking for Internet access User Management also provides additional firewall rules e g CSM checking for protecting hosts Info Filter rules configured under Firewall usu...

Page 508: ...fluence the contents of the filter rule s applied to every user Available settings are explained as follows Item Description Mode There are two modes offered here for you to choose Each mode will bring different filtering effect to the users involved User Based If you choose such mode the router will apply the filter rules configured in User Management User Profile to the users Rule Based If you c...

Page 509: ...2 pixel to have an image of enterprise or have the effect of advertisement Login Page Greeting Such link allows you to access into the setting page for login greeting For detailed information refer to System Maintenance Login Page Greeting Display IP Address on tracking window Check the box to display the IP address of the client on the tracking window Landing Page Type the information to be displ...

Page 510: ...profiles up to 200 which will be applied for users controlled under User Management Simply open User Management User Profile To set the user profile please click any index number link to open the following page Notice that profile 1 admin and profile 2 Dial In User are factory default settings Profile 2 is reserved for future use ...

Page 511: ...d again for confirmation Idle Timeout If the user is idle over the limitation of the timer the network connection will be stopped for such user By default the Idle Timeout is set to 10 minutes Max User Login Such profile can be used by many users You can set the limitation for the number of users accessing Internet with the conditions of such profile The default setting is 0 which means no limitat...

Page 512: ...he user name and password specified in this profile he she will be lead into the web page configured in Landing Page field in User Management General Setup Check this box to enable such function Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page and you can use the number that you have se...

Page 513: ...rofile Reset quota to default when scheduling time expired Set default time quota and data quota for such profile When the scheduling time is up the router will use the default quota settings automatically Enable Check it to use the default setting for time quota and data quota Default Time Quota Type the value for the time manually Default Data Quota Type the value for the data manually After fin...

Page 514: ... number link to open the following page Available settings are explained as follows Item Description Name Type a name for this user group Available User Objects You can gather user profiles objects from User Profile page within one user group All the available user objects that you have created will be shown in this box Notice that user object Admin and Dial In User are factory settings User defin...

Page 515: ...on Refresh Seconds Use the drop down list to choose the time interval of refreshing data flow that will be done by the system automatically Refresh Click this link to refresh this page manually Index Display the number of the data flow User Display the users which connect to Vigor router currently You can click the link under the username to open the user profile setting page for that user IP Addr...

Page 516: ...splay the quota for data transmission Idle Time Display the idle timeout setting for such profile Action Block can avoid specified user accessing into Internet Unblock allow the user to access into Internet Logout the user will be logged out forcefully ...

Page 517: ...em me en nt t Before using the function of User Management please make sure User Based has been selected as the Mode in the User Management General Setup page With User Management authentication function before a valid username and password have been correctly supplied a particular client will not be allowed to access Internet through the router There are three ways for authentication Web Telnet a...

Page 518: ... s Web authentication interface first Then the client is trying to access http www draytek com and but brought to the Vigor router Since this is an SSL connection some web browsers will display warning messages With Microsoft Internet Explorer you may get the following warning message Please press Continue to this website not recommended With Mozilla Firefox you may get the following warning messa...

Page 519: ...de 507 With Chrome browser you may get the following warning Click Proceed anyway After that the web authentication window will appear Input the user name and the password for your account defined in User Management and click Login ...

Page 520: ... is failed you will get the error message The username or password you entered is incorrect Please login again In above description you access an external web site to trigger the authentication You may also directly access the router s Web UI for authentication Both HTTP and HTTPS are supported for example http 192 168 1 1 or https 192 168 1 1 Replace 192 168 1 1 with your router s real IP address...

Page 521: ...tek com You may change it if you want For example you will get the following welcome message if you enter Login Successful in the Welcome Message table Also you will get a Tracking Window if you don t block the pop up window Don t setup a user profile in User Management and a VPN Remote Dial in user profile with the same Username Otherwise you may get unexpected result It is because the ...

Page 522: ...create a user profile in User Management with chaochen test as username password while a VPN Remote Dial in user profile with the same username chaochen but a different password 1234 you will always get error message The username or password you entered is incorrect when you use chaochen test via Web to do authentication If SSL Tunnel or SSL Web Proxy is disabled in the VPN profile a User Manageme...

Page 523: ...account name for the authentication 2 Type the password for authentication and press Enter The message User login successful will be displayed with the expired time if configured Info Here expired time is Unlimited means the Time Quota function is not enabled for this account After login this account will not be expired until it is logout 3 In the Web interface of router the configuration page of ...

Page 524: ...ge which means this account has no time quota If the Time Quota is enabled and time is not 0 minute You will get the following message The expired time is shown after you login After you run out the available time you can t use this account any more until the administrator manually adds additional time for you ...

Page 525: ...n again Authentication via VigorPro Alert Notice Tool allows user to setup the re authentication interval so that the utility will send authentication requests periodically This will keep the client hosts from having to manually authenticate again and again The configuration of the VigorPro Alert Notice Tool is as follows 1 Click Authenticate Now to start the authentication immediately 2 You may g...

Page 526: ... pl le e 1 1 U Us se er rs s c ca an n s se ee e t th he e m me es ss sa ag ge e f fo or r l la an nd di in ng g p pa ag ge e a af ft te er r l lo og gg gi in ng g i in nt to o I In nt te er rn ne et t s su uc cc ce es ss sf fu ul ll ly y 1 Open the web user interface of VigorBX 2000 2 Open User Management General Setup to get the following page In the field of Landing Page please type the words o...

Page 527: ...lick OK to save the settings 5 Open any browser e g FireFox Internet Explorer The logging page will appear and asks for username and password Please type the correct username and password 6 Click Login If the logging is successful you will see the message of Login Success from the browser you use ...

Page 528: ...gi in ng g i in nt to o I In nt te er rn ne et t s su uc cc ce es ss sf fu ul ll ly y 1 In the field of Landing Page please type the words as below body stats 1 script language javascript window location http www draytek com script body 2 Next enable the Landing Page function Open User Management User Profile and click one of the index number e g index number 3 links 3 In the following page check ...

Page 529: ...VigorBX 2000 Series User s Guide 517 4 Open any browser e g FireFox Internet Explorer The logging page will appear and asks for username and password Please type the correct username and password ...

Page 530: ...VigorBX 2000 Series User s Guide 518 5 Click Login If the logging is successful you will be directed into the website of www draytek com ...

Page 531: ...ngs are explained as follows Item Description External Device Auto Discovery Check this box to detect the external device automatically and display on this page From this web page check the box of External Device Auto Discovery Later all the available devices will be displayed in this page with icons and corresponding information You can change the device name if required or remove the information...

Page 532: ...VigorBX 2000 Series User s Guide 520 This page is left blank ...

Page 533: ...r rt t V VI II II I O Ot th he er rs s USB device connected on Vigor router can be regarded as a server or WAN interface By way of Vigor router clients on LAN can access write and read data stored in USB storage disk with different applications ...

Page 534: ...e ports in a limited range usually will be applied in configuring router s settings therefore we can define them with objects and bind them with groups for using conveniently Later we can select that object group that can apply it For example all the IPs in the same department can be defined with an IP object a range of IP address ...

Page 535: ... conditions Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the object profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows ...

Page 536: ...cified with LAN DMZ RT VPN interface will be opened for you to choose in Edit Filter Rule page Address Type Determine the address type for the IP address Select Single Address if this object contains one IP address only Select Range Address if this object contains several IPs within a range Select Subnet Address if this object contains one subnet for IP address Select Any Address if this object co...

Page 537: ...he Subnet Address type is selected Invert Selection If it is checked all the IP addresses except the ones listed above will be applied later while it is chosen 4 After finishing all the settings here please click OK to save the configuration Below is an example of IP objects settings ...

Page 538: ...ngs are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows ...

Page 539: ...ied interface chosen above will be shown in this box Selected IP Objects Click button to add the selected IP objects in this box 3 After finishing all the settings here please click OK to save the configuration V VI II II I 1 1 3 3 I IP Pv v6 6 O Ob bj je ec ct t You can set up to 64 sets of IPv6 Objects with different conditions Available settings are explained as follows Item Description Set to ...

Page 540: ...several IPv6s within a range Select Subnet Address if this object contains one subnet for IPv6 address Select Any Address if this object contains any IPv6 address Select Mac Address if this object contains Mac address Mac Address Type the MAC address of the network card which will be controlled Start IP Address Type the start IP address for Single Address type End IP Address Type the end IP addres...

Page 541: ...settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows ...

Page 542: ...Pv6 Objects Click button to add the selected IPv6 objects in this box 3 After finishing all the settings please click OK to save the configuration V VI II II I 1 1 5 5 S Se er rv vi ic ce e T Ty yp pe e O Ob bj je ec ct t You can set up to 96 sets of Service Type Objects with different conditions Available settings are explained as follows Item Description Set to Factory Default Clear all profiles...

Page 543: ...rt columns are available for TCP UDP protocol It can be ignored for other protocols The filter rule will filter out any port number when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this profile when the first and last value are the same it indicates all the ports except the port defined...

Page 544: ... 1 1 6 6 S Se er rv vi ic ce e T Ty yp pe e G Gr ro ou up p This page allows you to bind several service types into one group Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile ...

Page 545: ...tings are explained as follows Item Description Name Type a name for this profile Maximum 15 characters are allowed Available Service Type Objects All the available service objects that you have added on Objects Setting Service Type Object will be shown in this box Selected Service Type Objects Click button to add the selected IP objects in this box 3 After finishing all the settings please click ...

Page 546: ...n set 200 keyword object profiles for choosing as black white list in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the object profile ...

Page 547: ...gs are explained as follows Item Description Name Type a name for this profile e g game Maximum 15 characters are allowed Contents Type the content for such profile For example type gambling as Contents When you browse the webpage the page with gambling information will be watched out and be passed blocked based on the configuration on Firewall settings 3 After finishing all the settings please cl...

Page 548: ... list in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page wi...

Page 549: ...selected Keyword objects in this box 3 After finishing all the settings please click OK to save the configuration V VI II II I 1 1 9 9 F Fi il le e E Ex xt te en ns si io on n O Ob bj je ec ct t This page allows you to set eight profiles which will be applied in CSM URL Content Filter All the files with the extension names specified in these profiles will be processed according to the chosen actio...

Page 550: ...ils 2 The configuration page will be shown as follows Available settings are explained as follows Item Description Profile Name Type a name for this profile The maximum length of the name you can set is 7 characters 3 Type a name for such profile and check all the items of file extension that will be processed in the router Finally click OK to save this profile ...

Page 551: ...ervice Each item is explained as follows Item Description Set to Factory Default Clear all of the settings and return to factory default settings Index Display the profile number that you can configure Profile Display the name for such SMS profile SMS Provider Display the service provider which offers SMS service To set a new profile please do the steps listed below 1 Click the SMS Provider tab an...

Page 552: ...can use to register to selected SMS provider The maximum length of the name you can set is 31 characters Password Type a password that the sender can use to register to selected SMS provider The maximum length of the password you can set is 31 characters Quota Type the number of the credit that you purchase from the service provider chosen above Note that one credit equals to one SMS text message ...

Page 553: ...0 to make customized SMS service The profile name for Index 9 and Index 10 are fixed You can click the number e g 9 under Index column for configuration in details Available settings are explained as follows Item Description Profile Name Display the name of this profile It cannot be modified Service Provider Type the website of the service provider Type the URL string in the box under the filed of...

Page 554: ...the router will send out Sending Interval Type the shortest time interval for the system to send SMS After finishing all the settings here please click OK to save the configuration M Ma ai il l S Se er rv vi ic ce e O Ob bj je ec ct t This page allows you to set ten profiles which will be applied in Application SMS Mail Alert Service Each item is explained as follows Item Description Set to Factor...

Page 555: ... Type the IP address of the mail server SMTP Port Type the port number for SMTP server Sender Address Type the e mail address of the sender Use SSL Check this box to use port 465 for SMTP server for some e mail server uses https as the transmission method Authentication The mail server must be authenticated with the correct username and password to have the right of sending message out Check the b...

Page 556: ...II I 1 1 1 11 1 N No ot ti if fi ic ca at ti io on n O Ob bj je ec ct t This page allows you to set ten profiles which will be applied in Application SMS Mail Alert Service You can set an object with different monitoring situation To set a new profile please do the steps listed below 1 Open Object Setting Notification Object and click the number e g 1 under Index column for configuration in detail...

Page 557: ...iption Profile Name Type a name for such notification profile The maximum length of the name you can set is 15 characters Category Display the types that will be monitored Status Display the status for the category You can check the box you want to be monitored 3 After finishing all the settings here please click OK to save the configuration ...

Page 558: ... 1 Log into the web user interface of Vigor router 2 Configure relational objects first Open Object Settings SMS Mail Server Object to get the following page Index 1 to Index 8 allows you to choose the built in SMS service provider If the SMS service provider is not on the list you can configure Index 9 and Index 10 to add the new service provider to Vigor router 3 Choose any index number e g Inde...

Page 559: ... profile setting 5 Open Object Settings Notification Object to configure the event conditions of the notification 6 Choose any index number e g Index 1 in this case to configure conditions for sending the SMS In the following page type the name of the profile and check the Disconnected and Reconnected boxes for WAN to work in concert with the topic of this paper ...

Page 560: ... to choose SMS Provider and the Notify Profile specify the time of sending SMS Then type the phone number in the field of Recipient the one who will receive the SMS 9 Click OK to save the settings Later if one of the WAN connections fails in your router the system will send out SMS to the phone number specified If the router has only one WAN interface the system will send out SMS to the phone numb...

Page 561: ...S S P Pr ro ov vi id de er r Choose one of the Index numbers 9 or 10 allowing you to customize the SMS Provider In the web page type the URL string of the SMS provider and type the username and password After clicking OK the new added SMS provider will be added and will be available for you to specify for sending SMS out ...

Page 562: ...n USB Application you can type the IP address of the Vigor router and username password created in USB Application USB User Management on the client software Then the client can use the FTP site USB storage disk or share the Samba service through Vigor router Info USB ports on Vigor router are allowed to connect to USB modem Models of the modems supported by Vigor router can be seen from USB Appli...

Page 563: ... the USB storage disk into the Vigor router please make sure the memory format for the USB storage disk is FAT16 or FAT32 It is recommended for you to use FAT32 for viewing the filename completely FAT16 cannot support long filename Available settings are explained as follows Item Description General Settings Simultaneous FTP Connections This field is used to specify the quantity of the FTP session...

Page 564: ...acters and the host name can have as many as 23 characters Both them cannot contain any of the following Workgroup Name Type a name for the workgroup Host Name Type the host name for the router After finishing all the settings here please click OK to save the configuration V VI II II I 2 2 2 2 U US SB B U Us se er r M Ma an na ag ge em me en nt t This page allows you to set profiles for FTP SMB us...

Page 565: ...erved for FTP firmware upgrade usage Note FTP Passive mode is not supported by Vigor Router Please disable the mode on the FTP client Password Type the password for FTP SMB users for accessing FTP server Later you can open FTP client software and type the password specified here for accessing into USB storage disk The length of the password is limited to 11 characters Confirm Password Type the pas...

Page 566: ... you have to insert a USB storage disk into the USB interface of the Vigor router Otherwise you cannot save the configuration V VI II II I 2 2 3 3 F Fi il le e E Ex xp pl lo or re er r File Explorer offers an easy way for users to view and manage the content of USB storage disk connected on Vigor router Available settings are explained as follows Item Description Refresh Click this icon to refresh...

Page 567: ...USB Disk first And then remove the USB storage disk later Available settings are explained as follows Item Description Connection Status If there is no USB storage disk connected to Vigor router No Disk Connected will be shown here Disk Capacity It displays the total capacity of the USB storage disk Free Capacity It displays the free space of the USB storage disk Click Refresh at any time to get n...

Page 568: ... Vigor routers will continuously monitor the temperature of its environment When a pre determined threshold is reached you will be alerted by either an email or SMS so you can undertake appropriate action T Te em mp pe er ra at tu ur re e S Se en ns so or r S Se et tt ti in ng gs s Available settings are explained as follows Item Description Display Settings Temperature Calibration Type a value us...

Page 569: ...VigorBX 2000 Series User s Guide 557 T Te em mp pe er ra at tu ur re e C Ch ha ar rt t Below shows an example of temperature graph ...

Page 570: ...des the information about the brand name and model name of the USB modems which are supported by Vigor router V VI II II I 2 2 7 7 S SM MB B C Cl li ie en nt t S Su up pp po or rt t L Li is st t SMB Client Support List provides the test status information for applications with file sharing operated under different platforms ...

Page 571: ... ut te er r Files on USB storage device can be reviewed by opening USB Applicaiton File Explorer If it is necessary for you to delete copy files on the device or write paste files to the devcie it must be done through SMB file sharing server or FTP server 1 Plug the USB device to the USB port on the router Make sure Disk Connected appears on the Connection Status as the figure shown below 2 Then p...

Page 572: ...USB User Management Click Enable to enable FTP SMB user account Here we add a new account user1 and assign authorities Read Write and List to it 4 Click OK to save the configuration 5 Make sure the FTP service is running properly Please open a browser and type ftp 192 168 1 1 Use the account user1 to login ...

Page 573: ...USB Application USB Disk Status The information for FTP server will be shown as below Now users in LAN of VigorBX 2000 can access into the USB storage device by typing ftp 192 168 1 1 on any browser They can add or remove files directories depending on the Access Rule for FTP account settings in USB Application USB User Management ...

Page 574: ...VigorBX 2000 Series User s Guide 562 This page is left blank ...

Page 575: ...ide 563 P Pa ar rt t I IX X T Tr ro ou ub bl le es sh ho oo ot ti in ng g This part will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration ...

Page 576: ...lation status stage by stage Checking information through menu items under Diagnostics Checking if the hardware status is OK or not Checking if the network connection settings on your computer are OK or not Pinging the router from your computer Checking if the ISP settings are OK or not Backing to factory default setting if necessary If all above stages are done and the router still cannot run nor...

Page 577: ... 1 1 1 D Di ia al l o ou ut t T Tr ri ig gg ge er ri in ng g Click Diagnostics and click Dial out Triggering to open the web page The internet connection e g PPPoE is triggered by a package sending from the source IP address Available settings are explained as follows Item Description Decoded Format It shows the source IP address local destination IP remote address the protocol and length of the p...

Page 578: ... s Guide 566 I IX X 1 1 2 2 R Ro ou ut ti in ng g T Ta ab bl le e Click Diagnostics and click Routing Table to open the web page Available settings are explained as follows Item Description Refresh Click it to reload the page ...

Page 579: ...ardware address MAC Address and an IP address Available settings are explained as follows Item Description Refresh Click it to reload the page I IX X 1 1 4 4 I IP Pv v6 6 N Ne ei ig gh hb bo ou ur r T Ta ab bl le e The table shows a mapping between an Ethernet hardware address MAC Address and an IPv6 address This information is helpful in diagnosing network problems such as IP address conflicts et...

Page 580: ...ty provides information on IP address assignments This information is helpful in diagnosing network problems such as IP address conflicts etc Click Diagnostics and click DHCP Table to open the web page and Available settings are explained as follows Item Description Index It displays the connection item number IP Address It displays the IP address assigned by this router for specified PC ...

Page 581: ... NA AT T S Se es ss si io on ns s T Ta ab bl le e Click Diagnostics and click NAT Sessions Table to open the list page Available settings are explained as follows Item Description Private IP Port It indicates the source IP address and port of local PC Pseudo Port It indicates the temporary port of the router used for NAT Peer IP Port It indicates the destination IP address and port of remote host ...

Page 582: ...d displayed on Diagnostics DNS Cache Table Available settings are explained as follows Item Description Clear Click this link to remove the result on the window Refresh Click it to reload the page When an entry s TTL is larger than Check the box the type the value of TTL time to live for each entry Click OK to enable such function It means when the TTL value of each DNS query reaches the threshold...

Page 583: ...ined as follows Item Description IPV4 IPV6 Choose the interface for such function Ping through Use the drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically Ping to Use the drop down list to choose the destination that you want to ping IP Address Type the IP address of the Host IP that you want to ping ...

Page 584: ...his page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds The IP address listed here is configured in Bandwidth Management You have to enable IP bandwidth limit and IP session limit before invoking Data Flow Monitor If not a notification dialog box will appear to remind you enabling it Click Diagnostics and click Data Flow Monitor...

Page 585: ...red device RX rate kbps Display the receiving speed of the monitored device Sessions Display the session number that you specified in Limit Session web page Action Block can prevent specified PC accessing into Internet within 5 minutes Unblock The device with the IP address will be blocked for five minutes The remaining time will be shown on the session column Click it to cancel the IP address blo...

Page 586: ...et to zero the accumulated RX TX received and transmitted data of WAN Click Refresh to renew the graph at any time The horizontal axis represents time Yet the vertical axis has different meanings For WAN1 WAN2 WAN3 WAN4 Bandwidth chart the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past For Sessions chart the numbers displayed on vertica...

Page 587: ...the routes from router to the host Simply type the IP address of the host in the box and click Run The result of route trace will be shown on the screen or Available settings are explained as follows Item Description IPv4 IPv6 Click one of them to display corresponding information for it Trace through Use the drop down list to choose the interface that you want to ping through ...

Page 588: ...is page displays the time and message for User Firewall call WAN VPN settings You can check Enable Web Syslog specify the type of Syslog and choose the display mode you want Later the event of Syslog with specified type will be shown for your reference Available settings are explained as follows Item Description Enable Web Syslog Check this box to enable the function of Web Syslog Syslog Type Use ...

Page 589: ...ettings are explained as follows Item Description Time Display the time of the event occurred Log Type Display the type of the record Message Display the information for each event I IX X 1 1 1 13 3 T TS SP PC C S St ta at tu us s IPv6 TSPC status web page could help you to diagnose the connection status of TSPC If TSPC has configured properly the router will display the following page when the us...

Page 590: ...nse mechanism It is useful and convenient for network engineers e g MIS engineer to inspect the network environment to find out if there is any abnormal connection Information of IP traced and destination port used for SYN Flood UDP Flood and ICMP Flood attacks will be detected and shown respectively on different pages Moreover IP address detected and suspected to attack the network system can be ...

Page 591: ...VigorBX 2000 Series User s Guide 579 Info The icon means there is something wrong e g attacking the system with that IP address ...

Page 592: ...he hardware status 1 Check the power line and WLAN LAN cable connections Refer to I 2 Hardware Installation for details 2 Turn on the router Make sure the ACT LED blink once per second and the correspondent LAN LED is bright 3 If not it means that there is something wrong with the hardware status Simply back to I 2 Hardware Installation to execute the hardware installation again And then try again...

Page 593: ...he link is stilled failed please do the steps listed below to make sure the network connection settings is OK F Fo or r W Wi in nd do ow ws s Info The example is based on Windows 7 As to the examples for other operation systems please refer to the similar steps or find support notes in www DrayTek com 1 Open All Programs Getting Started Control Panel Click Network and Sharing Center 2 In the follo...

Page 594: ...BX 2000 Series User s Guide 582 4 Select Internet Protocol Version 4 TCP IP and then click Properties 5 Select Obtain an IP address automatically and Obtain DNS server address automatically Finally click OK ...

Page 595: ...Guide 583 F Fo or r M Ma ac c O OS S 1 Double click on the current used Mac OS on the desktop 2 Open the Application folder and get into Network 3 On the Network screen select Using DHCP from the drop down list of Configure IPv4 ...

Page 596: ... router correctly F Fo or r W Wi in nd do ow ws s 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista 7 The DOS command dialog will appear 3 Type ping 192 168 1 1 and press Enter If the link is OK the line of Reply from 192 168 1 1 bytes 32 time 1ms TTL 255 will appear 4 If the line does not appear please check the IP address...

Page 597: ...VigorBX 2000 Series User s Guide 585 ...

Page 598: ...gured in Vigor router Check if the LEDs on Vigor router are on or not If not please install an additional switch for connecting both Vigor router and the modem offered by ISP Then check if the LEDs on Vigor router are on or not If the problem of LEDs cannot be solved by the above measures please contact with the nearest reseller or send an e mail to DrayTek FAE for technical support Check if the s...

Page 599: ...k k c co on nn ne ec ct ti io on n d do oe es s n no ot t w wo or rk k Check the PIN Code of SIM card is disabled or not Please use the utility of 3G 4G USB Modem to disable PIN code and try again If it still fails it might be the compliance problem of system Please open DrayTek Syslog Tool to capture the connection information WAN Log and send the page similar to the following graphic to the serv...

Page 600: ...r re e R Re es se et t You can reset the router to factory default via Web page Such function is available in Admin Mode only Go to System Maintenance and choose Reboot System on the web page The following screen will appear Choose Using factory default configuration and click Reboot Now After few seconds the router will return all the settings to the factory settings H Ha ar rd dw wa ar re e R Re...

Page 601: ... C Co on nt ta ac ct ti in ng g D Dr ra ay yT Te ek k If the router still cannot work correctly after trying many efforts please contact your dealer for further help right away For any questions please feel free to send e mail to support DrayTek com ...

Page 602: ... the difficulty is how to handle the traffics between two or more Ethernet switches Thus VLAN is suitable for some circumstances for example the rental apartment SOHO office and so on These clients may need two or three isolated networks only and setup a network in a simple way T Ta ag g b ba as se ed d The idea of tag based VLAN is to identify a virtual LAN with a specific ID therefore VLAN ID in...

Page 603: ...VID packet as the VID of Trunk port while forwarding the packets to another switch Bridge mode of WAN P1 and P2 are doing NAT flow to access to the internet but P3 and P4 will forward the packets between WAN and LAN ports directly W We eb b U Us se er r I In nt te er rf fa ac ce e So far there are two kinds of open system on Vigor router One is DrayOS which is DrayTek owned and another is Linux li...

Page 604: ...VigorBX 2000 Series User s Guide 592 ...

Page 605: ...VigorBX 2000 Series User s Guide 593 LAN V VL LA AN N a ap pp pl li ic ca at ti io on ns s o on n V Vi ig go or r r ro ou ut te er r Multi Subnet VLAN of LAN ...

Page 606: ...server LAN1 LAN2 LAN3 LAN4 However the traffics of the LAN port or SSID that are NOT being grouped in the same VLAN are unable to forward to each other The benefit of Port based is able to extend the wired ports by installing a cheaper dumb switch as many as you need but Tag based offers you a flexible and well managed network The networks are isolated secured and reduce the broadcasting storm eff...

Page 607: ...ave to be isolated from your private network due to the security considerations it can be done by above settings However a switch support VLAN function is need if VLAN Tag enabled Triple Play Multi WAN NAT mode with VLAN Following settings the set top box STB is able to attach with any LAN port Video streaming which your ISP provided will be played on your monitor ...

Page 608: ...VigorBX 2000 Series User s Guide 596 ...

Page 609: ...ridge mode with VLAN Set top box STB or the other kinds of media devices are able to attach with Port4 or Port5 of LAN Those devices that attached with Port4 or Port5 are able to access the services network directly which your ISP provided ...

Page 610: ...VigorBX 2000 Series User s Guide 598 This page is left blank ...

Page 611: ...VigorBX 2000 Series User s Guide 599 P Pa ar rt t X X T Te el ln ne et t C Co om mm ma an nd ds s ...

Page 612: ...re the Windows Features of Telnet Client has been turned on under Control Panel Programs Type cmd and press Enter The Telnet terminal will be open later In the following window type Telnet 192 168 1 1 as below and press Enter Note that the IP address in the example is the default address of the router If you have changed the default enter the current IP address of the router Next type admin admin ...

Page 613: ...Guide 601 For users using previous Windows system e g 2000 XP simply click Start Run and type Telnet 192 168 1 1 in the Open box as below Next type admin admin for Account Password And type to get a list of valid common commands ...

Page 614: ...80 adsl txpct 75 tx percentage 75 T Te el ln ne et t C Co om mm ma an nd d a ad ds sl l s st ta at tu us s This command is used to display current status of ADSL setting S Sy yn nt ta ax x adsl status E Ex xa am mp pl le e adsl status ATU R Info hw annex A f w annex Unknown Running Mode T1 413 State TRAINING DS Actual Rate 0 bps US Actual Rate 0 bps DS Attainable Rate 0 bps US Attainable Rate 0 bp...

Page 615: ... VCMUX_Route 6 IPoE Proto It means the protocol used to connect Internet Different numbers represent different protocols 0 PPPoA 1 PPPoE 2 MPoA Modu 0 T1 413 2 G dmt 4 Multi 5 ADSL2 7 ADSL2_AnnexM 8 ADSL2 14 ADSL2 _AnnexM acqIP It means the way to acquire IP address Type the number to determine the IP address by specifying or assigned dynamically by DHCP server 0 fix_ip 1 dhcp_client PPPoE PPPoA a...

Page 616: ... on n pvc_no It means pvc number and must be between 0 Channel 1 to 7 Channel 8 status It means to shown the whole bridge status save It means to save the configuration to flash enable It means to enable the Multi VLAN function disable It means to disable the Multi VLAN function on off It means to turn on off bridge mode for the specific channel clear It means to turn off and clear all the PVC set...

Page 617: ...l le e adsl idle Idle Mode You has to use adsl reboot to restart booting T Te el ln ne et t C Co om mm ma an nd d a ad ds sl l d dr ri iv ve em mo od de e This command is useful for laboratory to measure largest power of data transmission Please follow the steps below to set adsl drivermode 1 Please connect dsl line to the DSLAM 2 Waiting for dsl SHOWTIME 3 Drop the dsl line 4 Now it is on continu...

Page 618: ... level 5 for F5 End to End VC level chklink Check the DSL connection Log_on log_off Enable or disable the OAM log for debug E Ex xa am mp pl le e adsl oamlb chklink on OAM checking dsl link is ON adsl oamlb F5 4 Tx cnt 0 Rx Cnt 0 T Te el ln ne et t C Co om mm ma an nd d a ad ds sl l v vc ci il li im mi it t This command can cancel the limit for vci value Some ISP might set the vci value under 32 I...

Page 619: ... sc cr ri ip pt ti io on n add It means to add ADSL mode remove It means to remove ADSL mode set It means to use default settings plus the new added ADSL mode default It means to use default settings show It means to display current setting adsl_mode There are three modes to be choose ANNEXL ANNEXM and ANNEXJ E Ex xa am mp pl le e Vigor adsl automode set ANNEXJ Automode supported T1 413 G DMT ADSL...

Page 620: ...E vendor ID adsl vendorid status on off set vid0 vid1 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description status Display current status of user defined vendor ID on Enable the user defined function off Disable the user defined function set vid0 vid1 It means to set user defined vendor ID with vid0 and vid1 The vendor ID shall be set with HEX format ex 00fe7244 79612f21 E Ex ...

Page 621: ... means Maximum Burst Size status It means to display PCR SCR MBS setting E Ex xa am mp pl le e adsl atm pcr 1 200 max PCR is 200 for pvc 1 adsl atm pcr status pvc channel PCR 0 1 0 1 2 200 2 3 0 3 4 0 4 5 0 5 6 0 6 7 0 7 8 0 adsl atm mbs 2 300 max MBS is 300 for pvc 2 T Te el ln ne et t C Co om mm ma an nd d a ad ds sl l p pv vc cb bi in nd di in ng g This command can configure PVC to PVC binding ...

Page 622: ...r This command is used to configure the value of SNR Signal to noise ratio Greater value results in stable network connection Smaller value results in better Up Down speed but easy to disconnect adsl snr delta S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description delta It means SNR margin delta The range is from 50 to 50 Current ADSL SNR Margin is 0 dB E Ex xa am mp pl le e vd...

Page 623: ...ndex 2 inactive UserName 2 PassWord 2 ServerIP 2 0 T Te el ln ne et t C Co om mm ma an nd d c cs sm m a ap pp pe e p pr ro of f Commands under CSM allow you to set CSM profile to define policy profiles for different policy of IM Instant Messenger P2P Peer to Peer application csm appe prof is used to configure the APP Enforcement Profile name Such profile will be applied in Default Rule of Firewall...

Page 624: ...ter Description INDEX It means to specify the index number of CSM profile from 1 to 32 v It means to view the IM configuration of the CSM profile e It means to enable the blocking for specific application d It means to disable the blocking for specific application a Set the action of specific application AP Specify one of the following applications for such profile MSN MSN YIM YahooIM AIM AIM ICQ ...

Page 625: ...profile e It means to enable the blocking for specific application d It means to disable the blocking for specific application a Set the action of specific application 0 or 1 0 Block All of the applications meet the CSM rule will be blocked 1 Pass All of the applications meet the CSM rule will be passed AP Specify one of the following applications for such profile SoulSeek SoulSeek Protocol eDonke...

Page 626: ...CSM profile from 1 to 32 v It means to view the protocol configuration of the CSM profile e It means to enable the blocking for specific application d It means to disable the blocking for specific application a Set the action of specific application 0 or 1 0 Block All of the applications meet the CSM rule will be blocked 1 Pass All of the applications meet the CSM rule will be passed AP Specify on...

Page 627: ... N csm ucf obj INDEX uac csm ucf obj INDEX wf S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n P Pa ar ra am me et te er r D De es sc cr ri ip pt ti io on n show It means to display all of the profiles setdefault It means to return to default settings for all of the profile msg MSG It means de set the administration message MSG means the content less than 255 characters of the message itself o...

Page 628: ...g none Priority Select Bundle Pass Enable URL Access Control Action pass Prevent web access from IP address No Obj NO Object Name No Grp NO Group Name T Te el ln ne et t C Co om mm ma an nd d c cs sm m u uc cf f o ob bj j I IN ND DE EX X u ua ac c It means to configure the settings regarding to URL Access Control uac csm ucf obj INDEX uac v csm ucf obj INDEX uac e csm ucf obj INDEX uac d csm ucf o...

Page 629: ...e URL Access Control will be passed i Prevent the web access from any IP address E Enable the function The Internet access from any IP address will be blocked D Disable the function o Set the keyword object KEY_WORD_Object_Index Specify the index number of the object profile g Set the keyword group KEY_WORD_Group_Index Specify the index number of the group profile E Ex xa am mp pl le e csm ucf obj...

Page 630: ...VigorBX 2000 Series User s Guide 618 Log none Priority Select Bundle Pass Enable URL Access Control Action block v Prevent web access from IP address No Obj NO Object Name No Grp NO Group Name ...

Page 631: ...e protocol configuration of the CSM profile e It means to enable the restriction of web feature d It means to disable the restriction of web feature a Set the action of web feature P or B B Block The web access meets the web feature will be blocked P Pass The web access meets the web feature will be passed s It means to enable the the Web Feature configuration Features available for configuration ...

Page 632: ...bj INDEX a P B csm wcf obj INDEX n PROFILE_NAME csm wcf obj INDEX l N P B A csm wcf obj INDEX o KEY_WORD Object Index csm wcf obj INDEX g KEY_WORD Group Index csm wcf obj INDEX w E D P B csm wcf obj INDEX s CATEGORY WEB_GROUP csm wcf obj INDEX u CATEGORY WEB_GROUP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show It means to display the web content filter profiles Loo...

Page 633: ...dex Specify the index number of the object profile g Set the keyword group KEY_WORD_Group_Index Specify the index number of the group profile w It means to set the action for the black and white list E Enable D Disable P Pass B Block s It means to choose the items under CATEGORY or WEB_GROUP u It means to discard items under CATEGORY or WEB_GROUP WEB_GROUP Child_Protection Leisure Business Chating...

Page 634: ... eer Advertisements Pop Ups Arts Transportation Compromised Dating Personals Education Finance Government Health Medcine News Non profits NGOs Personal Sites Politics Real Estate Rligion Restaurants Dining Shopping Translators General Cults Greetig cards Image Sharing Network Errors Parked Domains Private IP Addresses ...

Page 635: ...rotection Group v Alcohol Tobacco v Criminal Activity v Gambling v Hate Intolerance v Illegal Drug v Nudity v Pornography Sexually explicit v Violence v Weapons v School Cheating v Sex Education v Tasteless v Child Abuse Images leisure Group Entertainment Games Sports Travel Leisure Recreation Fashion Beauty T Te el ln ne et t C Co om mm ma an nd d d dd dn ns s l lo og g Displays the DDNS log E Ex...

Page 636: ...s s ATTACK_F THRESHOLD TIMEOUT dos a e ATTACK_F ATTACK_0 d ATTACK_F ATTACK_0 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description V It means to view the configuration of DoS defense system D It means to deactivate the DoS defense system A It means to activate the DoS defense system s It means to enable the defense function for a specific attack and set its parameter s ATTACK_...

Page 637: ...f the following attacks ip_option tcp_flag land teardrop smurf pingofdeath traceroute icmp_frag syn_frag unknow_proto fraggle d It means to disable the defense function for a specific attack s E Ex xa am mp pl le e dos A The Dos Defense system is Activated dos s synflood 50 10 Synflood is enabled Threshold 50 pke sec timeout 10 pke sec ...

Page 638: ...n off It means to enable PPPoE Service u username It means to set username max 49 characters for Internet accessing p password It means to set password max 49 characters for Internet accessing a n It means to set PPP Authentication Type and n means different types represented by 0 1 n 0 PAP CHAP this is default setting n 1 PAP Only t n It means to set connection duration and n means different cond...

Page 639: ... set to 0 0 0 0 internet V WAN1 Internet Mode PPPoE ISP Name tcom Username username Authentication PAP CHAP Idle Timeout 1 WAN IP Dynamic IP T Te el ln ne et t C Co om mm ma an nd d i ip p 2 2n nd ds su ub bn ne et t This command allows users to enable or disable the IP routing subnet for your router ip 2ndsubnet Enable Disable S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Descrip...

Page 640: ...mmand allows users to set the subnet mask for second subnet mask of your router ip 2ndmask ip 2ndmask public subnet mask S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Display an IP address which allows users set as the public subnet mask public subnet IP address Specify a subnet mask The system will set the one that you specified as the public subnet mask E Ex xa am mp...

Page 641: ... Where IP Auxiliary WAN IP Address Join to NAT Pool 0 or 1 Index The Index number of table Now auxiliary WAN1 IP Address table Index no Status IP address NAT IP pool 1 Disable 0 0 0 0 Yes 2 Enable 192 168 1 65 Yes When you type ip aux the current auxiliary WAN IP Address table will be shown as the following Index no Status IP address IP pool 1 Enable 172 16 3 229 Yes 2 Enable 172 16 3 56 No 3 Enab...

Page 642: ...Ex xa am mp pl le e ip nmask 255 255 0 0 Set IP netmask OK T Te el ln ne et t C Co om mm ma an nd d i ip p a ar rp p ARP displays the matching condition for IP and MAC address ip arp add IP address MAC address LAN or WAN ip arp del IP address LAN or WAN ip arp flush ip arp status ip arp accept 0 1 2 3 4 5status ip arp setCacheLife time In which arp add allows users to add a new IP address into the...

Page 643: ...gs will be 10 20 30 2550 seconds E Ex xa am mp pl le e ip arp accept status Accept illegal source mac arp disable Accept illegal dest mac arp disable Accept VRRP mac into arp table disable ip arp status ARP Table Index IP Address MAC Address Netbios Name 1 192 168 1 113 00 05 5D E4 D8 EE A1000351 T Te el ln ne et t C Co om mm ma an nd d i ip p d dh hc cp pc c This command is available for WAN DHCP...

Page 644: ...tain another new one status It displays current status of DHCP client E Ex xa am mp pl le e ip dhcpc status I F 3 DHCP Client Status DHCP Server IP 172 16 3 7 WAN Ipm 172 16 3 40 WAN Netmask 255 255 255 0 WAN Gateway 172 16 3 1 Primary DNS 168 95 192 1 Secondary DNS 0 0 0 0 Leased Time 259200 Leased Time T1 129600 Leased Time T2 226800 Leased Elapsed 259194 Leased Elapsed T1 129594 Leased Elapsed ...

Page 645: ... Host IP address WAN1 WAN2 Udp Icmp S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description IP address It means the target IP address WAN1 WAN2 It means the WAN port that the above IP address passes through Udp Icmp It means the UDP or ICMP E Ex xa am mp pl le e ip tracert 22 128 2 62 WAN1 Traceroute to 22 128 2 62 30 hops max 1 172 16 3 7 10ms 2 172 16 1 2 10ms 3 Request Time o...

Page 646: ...subnet E Ex xa am mp pl le e ip rip 1 Set RIP 1st subnet T Te el ln ne et t C Co om mm ma an nd d i ip p w wa an nr ri ip p This command allows users to set the RIP routing information protocol of WAN IP ip wanrip ifno e 0 1 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description ifno It means the connection interface 1 WAN1 2 WAN2 3 PVC3 4 PVC4 5 PVC5 Note PVC3 PVC5 are virtual...

Page 647: ...ble WAN 4 Rip Protocol disable WAN 5 Rip Protocol enable T Te el ln ne et t C Co om mm ma an nd d i ip p r ro ou ut te e This command allows users to set static route ip route add dst netmask gateway ifno rtype ip route del dst netmask rtype ip route status ip route cnc ip route default wan1 wan2 off ip route clean 1 0 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description add ...

Page 648: ...t route static static route cnc It means current IP range for CNC Network default Set WAN1 WAN2 off as current default route clean Clean all of the route settings 1 Enable the function 0 Disable the function E Ex xa am mp pl le e ip route add 172 16 2 0 255 255 255 0 172 16 2 4 3 static ip route status Codes C connected S static R RIP default private C 192 168 1 0 255 255 255 0 is directly connect...

Page 649: ... server for using On off show help It means to turn on off display or get more information of the T_home service query It means to set IGMP general query interval The default value is 125000 ms ppp 0 No need to set IGMP with PPP header 1 Set IGMP with PPP header status It means to display current status for proxy server E Ex xa am mp pl le e ip igmp t_home on T Home Setting T Home Service is turne...

Page 650: ...ne et t C Co om mm ma an nd d i ip p w wa an nt tt tr r This command is used to setup the time to return WAN1 from backup WAN ip wanttr time in seconds S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description time in seconds The available range is 0 600 seconds E Ex xa am mp pl le e ip ip wanttr 500 T Te el ln ne et t C Co om mm ma an nd d i ip p d dm mz z Specify MAC address of ...

Page 651: ...ch IP default num It means to set the default number of session num limit Defautlp2p num It means to set the default number of session num limit for p2p status It means to display the current settings show It means to display all session limit settings in the IP range timer num It means to set when the IP session block works The unit is second block unblock IP It means to block unblock the specifi...

Page 652: ...S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on It means to turn on the IP bandwidth limit off It means to turn off the IP bandwidth limit default tx_rate rx_rate It means to set default tx and rx rate of bandwidth limit The range is from 0 65535 Kpbs status It means to display the current settings show It means to display all the bandwidth limits settings within the ...

Page 653: ...dd IP MAC Comment ip bindmac del IP all S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on It means to turn on IP bandmac policy Even the IP is not in the policy table it can still access into network off It means to turn off all the bindmac policy strict_on It means that only those IP address in IP bindmac policy table can access into network show It means to display th...

Page 654: ...specified here means the total NAT users that Vigor router supports 0 It means no limitation E Ex xa am mp pl le e ip maxnatuser 100 Max NAT user 100 T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 a ad dd dr r This command allows users to set the IPv6 address for your router ip6 addr s prefix prefix length LAN WAN1 WAN2 iface ip6 addr d prefix prefix length LAN WAN1 WAN2 iface ip6 addr a LAN W...

Page 655: ...ta ax x D De es sc cr ri ip pt ti io on n Parameter Description req_opt It means option request LAN WAN1 WAN2 iface It means to specify LAN or WAN interface for such address command parameter The available commands with parameters are listed below means that you can type in several commands in one line a It means to show current DHCPv6 status s It means to ask the SIP S It means to ask the SIP nam...

Page 656: ...r Description client It means the dhcp client settings command parameter The available commands with parameters are listed below means that you can type in several commands in one line a It means to show current DHCPv6 status p IAID It means to request identity association ID for Prefix Delegation n IAID It means to request identity association ID for Non temporary Address c parameter It means to ...

Page 657: ...several commands in one line a It means to show current DHCPv6 status i pool_min_addr It means to set the start IPv6 address of the address pool x pool_max_addr It means to set the end IPv6 address of the address pool d addr It means to set the first DNS IPv6 address D addr It means to set the second DNS IPv6 address c parameter It means to send rapid commit to server 1 Enable 0 Disable e paramete...

Page 658: ...e Mandatory and n means different modes represented by 0 5 n 0 Offline n 1 PPP n 2 TSPC n 3 AICCU n 4 DHCPv6 n 5 Static n 6 6in4 Static n 7 6rd command parameter The available commands with parameters are listed below means that you can type in several commands in one line m n It means to set IPv6 MTU N any value 0 means unspecified u username It means to set Username username type a name as the u...

Page 659: ...s reboot command to reboot the router system reboot T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 n ne ei ig gh h This command allows you to display IPv6 neighbour table ip6 neigh s inet6_addr eth_addr LAN WAN1 WAN2 ip6 neigh d inet6_addr LAN WAN1 WAN2 ip6 neigh a inet6_addr N LAN WAN1 WAN2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description s It means to add a neighbou...

Page 660: ...command allows you to add a proxy neighbour ip6 pneigh s inet6_addr LAN WAN1 WAN2 ip6 pneigh d inet6_addr LAN WAN1 WAN2 ip6 pneigh a inet6_addr N LAN WAN1 WAN2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description s It means to add a proxy neighbour d It means to delete a proxy neighbour a It means to show proxy neighbour status inet6_addr Type an IPv6 address LAN WAN1 WAN2 Sp...

Page 661: ...he default route prefix It means to type the prefix number of IPv6 address prefix length It means to type a fixed value as the length of the prefix gateway It means the gateway of the router LAN WAN1 WAN2 iface It means to specify LAN or WAN interface for such address E Ex xa am mp pl le e ip6 route s FE80 250 7FFF FE12 500 16 FE80 250 7FFF FE12 100 LAN Route FE80 250 7FFF FE12 500 16 successfully...

Page 662: ...ddress Host It means to specify the IPv6 address or host for ping LAN WAN1 WAN2 It means to specify LAN or WAN interface for such address E Ex xa am mp pl le e ip6 ping 2001 4860 4860 8888 WAN2 Pinging 2001 4860 4860 8888 with 64 bytes of Data Receive reply from 2001 4860 4860 8888 time 330ms Receive reply from 2001 4860 4860 8888 time 330ms Receive reply from 2001 4860 4860 8888 time 330ms Receiv...

Page 663: ...30 ms 3 2001 4DE0 A 1 330 ms 4 2001 4DE0 1000 34 1 340 ms 5 2001 7F8 1 A501 5169 1 330 ms 6 2001 4860 1 0 4B3 350 ms 7 2001 4860 8 0 2DAF 330 ms 8 2001 4860 2 0 66E 340 ms 9 Request timed out 10 2001 4860 4860 8888 350 ms Trace complete T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 t ts sp pc c This command allows you to display TSPC status ip6 tspc ifno S Sy yn nt ta ax x D De es sc cr ri ip...

Page 664: ...lt lifetime of the RADVD server 1 Enable the RADVD server 0 Disable the RADVD server Lifetime It means to set the lifetime The lifetime associated with the default router in units of seconds It s used to control the lifetime of the prefix The maximum value corresponds to 18 2 hours A lifetime of 0 indicates that the router is not a default router and should not appear on the default router list Ty...

Page 665: ...llowed to be configured for IPv6 management prefix It means to type the IPv6 address which will be used for accessing Internet prefix length It means to type a fixed value as the length of the prefix remove It means to remove delete the specified index number with IPv6 settings flush It means to clear the IPv6 access table http telnet ping https ssh These protocols are used for accessing Internet ...

Page 666: ...n Parameter Description ifno It means the connection interface 0 LAN1 1 WAN1 2 WAN2 E Ex xa am mp pl le e ip6 online 0 LAN 1 online status Interface UP IPv6 DNS Server Static IPv6 DNS Server Static IPv6 DNS Server Static Tx packets 408 Tx bytes 32160 Rx packets 428 Rx bytes 33636 ip6 online 1 WAN 1 online status IPv6 WAN1 Disabled Default Gateway UpTime 0 00 00 Interface DOWN IPv6 DNS Server Stati...

Page 667: ...nection interface 1 WAN1 2 WAN2 add It means to add an IPv6 address which can be used to execute management through Internet prefix It means to type the IPv6 address which will be used for accessing Internet prefix length It means to type a fixed value as the length of the prefix remove It means to remove delete the specified index number with IPv6 settings show It means to display the AICCU statu...

Page 668: ...l ln ne et t C Co om mm ma an nd d i ip pf f v vi ie ew w IPF users to view the version of the IP filter to view set the log flag to view the running IP filter rules ipf view VcdhrtzZ S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description V It means to show the version of this IP filter c It means to show the running call filter rules d It means to show the running data filter ...

Page 669: ... Call Filter e g c 2 The range for the index number you can type is 0 to 12 0 means disable d SET_NO It means to setup Data Filter e g d 3 The range for the index number you can type is 0 to 12 0 means disable l VALUE It means to setup Log Flag e g l 2 Type 0 to disable the log flag Type 1 to display the log of passed packet Type 2 to display the log of blocked packet Type 3 to display the log of ...

Page 670: ... Set 2 Log Flag None Actions for packet not matching any rule Pass or Block Pass CodePage ANSI 1252 Latin I Max Sessions Limit 60000 Current Sessions 0 Mac Bind IP Non Strict QOS Class None APP Enforcement None URL Content Filter None Load Balance policy Auto select CodePage ANSI 1252 Latin I Window size 65535 Session timeout 1440 DrayTek Banner Enable Apply IP filter to VPN incoming packets Enabl...

Page 671: ...figure source IP address including address type start IP address end IP address and address mask u It means user defined Address Type Type the number representing different address type 0 Subnet Address 1 Single Address 2 Any Address 3 Range Address Example Set Subnet Address s u 0 192 168 1 10 255 255 255 0 Set Single Address s u 1 192 168 1 10 Set Any Address s u 2 Set Range Address s u 3 192 16...

Page 672: ...1 96 For example S 0 1 means the first service type object profile S u protocol source_port__value destination_port_vale It means to configure advanced settings for Service Type such as protocol and port range u it means user defined protocol It means TCP 6 UDP 17 TCP UDP 255 source_port__value 1 Port OP range is 0 3 0 1 2 3 3 Port range of the Start Port Number range is 1 65535 5 Port range of th...

Page 673: ...I 4 ANSI 1253 Greek 5 ANSI 1254 Turkish 6 ANSI 1255 Hebrew 7 ANSI 1256 Arabic 8 ANSI 1257 Baltic 9 ANSI 1258 Viet Nam 10 OEM 437 United States 11 OEM 850 Multilingual Latin I 12 OEM 860 Portuguese 13 OEM 861 Icelandic 14 OEM 863 Canadian French 15 OEM 865 Nordic 16 ANSI OEM 874 Thai 17 ANSI OEM 932 Japanese Shift JIS 18 ANSI OEM 936 Simplified Chinese GBK 19 ANSI OEM 949 Korean 20 ANSI OEM 950 Tra...

Page 674: ...40 DrayTek Banner Enable Strict Security Checking APP Enforcement T Te el ln ne et t C Co om mm ma an nd d i ip pf f f fl lo ow wt tr ra ac ck k This command is used to set and view flowtrack sessions ipf flowtrack set re ipf flowtrack view f ipf flowtrack i p t S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description r It means to refresh the flowtrack e It means to enable or di...

Page 675: ... 8 8 53 ifno 0 REPLY 8 8 8 8 53 192 168 1 11 15073 ifno 3 proto 17 age 93025100 2000 flag 203 ORIGIN 192 168 1 11 7247 8 8 8 8 53 ifno 0 REPLY 8 8 8 8 53 192 168 1 11 7247 ifno 3 proto 17 age 93020100 7000 flag 203 End to show the flowtrack sessions state T Te el ln ne et t C Co om mm ma an nd d L Lo og g This command allows users to view log for WAN interface such as call log IP filter log flush ...

Page 676: ...P WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 Next server IP 0 0 0 0 Relay agent IP 0 0 0 0 25 36 49 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 Next server IP 0 0 0 0 Relay agent IP 0 0 0 0 25 36 57 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 MORE q Quit Enter New Lines Space Bar Next Page T Te el ln ne et t C Co om mm ma an ...

Page 677: ... S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Https port It means to type the number for HTTPS port The default setting is 443 E Ex xa am mp pl le e mngt httpsport 443 Set web server port to 443 done T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t t te el ln ne et tp po or rt t This command allows users to set telnet port for management mngt telnetport Telnet po...

Page 678: ...disable It means to inactivate FTP server function E Ex xa am mp pl le e mngt ftpserver enable FTP server has been enabled mngt ftpserver disable FTP server has been disabled T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t n no op pi in ng g This command is used to pass or block Ping from LAN PC to the internet mngt noping on mngt noping off mngt noping viewlog mngt noping clearlog S Sy yn n...

Page 679: ... out add port It means to add a new TCP port for block del port It means to delete a TCP port for block viewlog It means to display a log of defense worm packet including source MAC and source IP clearlog It means to remove the log of defense worm packet E Ex xa am mp pl le e mngt defenseworm add 21 Add TCP port 21 Block TCP port list 135 137 138 139 445 21 mngt defenseworm del 21 Delete TCP port ...

Page 680: ...g enable mngt rmtcfg enable Remote configure function has been enabled mngt rmtcfg ftp on FTP server has been enabled T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t l la an na ac cc ce es ss s This command allows users to manage accessing into Vigor router through LAN port mngt lanaccess e 0 1 s value i value mngt lanaccess f mngt lanaccess d mngt lanaccess v mngt lanaccess h S Sy yn nt ta ...

Page 681: ...TELNET Yes SSH No Subnet LAN 2 disabled LAN 3 enabled LAN 4 disabled LAN 5 disabled LAN 6 disabled DMZ disabled IP Routed Subnet disabled Note the settings do NOT apply to LAN1 LAN1 is always allowed to access the router T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t e ec ch ho oi ic cm mp p This command allows users to reject or accept PING packets from the Internet mngt echoicmp enable mn...

Page 682: ...e IP address remove It means to delete the selected item flush It means to remove all the settings in the access list E Ex xa am mp pl le e mngt accesslist add 1 192 168 1 89 255 255 255 0 Set OK mngt accesslist list Access list Index IP address Subnet mask 1 192 168 1 89 255 255 255 0 T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t s sn nm mp p This command allows you to configure SNMP for ...

Page 683: ...n on Get Community set to draytek Set Community set to DK Manager Host IP set to 192 168 1 1 Trap Community set to trapcom Notification Host IP set to 10 20 3 40 Trap Timeout set to 88 seconds T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t s sw wi it tc ch h This command is used to configure multi subnet msubnet switch 2 3 4 5 6 On Off S Sy yn nt ta ax x D De es sc cr ri ip pt ti i...

Page 684: ...net IP address done This setting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t n nm ma as sk k This command is used to configure net mask address for the specified LAN interface msubnet nmask 2 3 4 5 6 IP address S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 3 4 5 6 I...

Page 685: ...Gateway 0 0 0 0 Start IP 0 0 0 10 Pool Count 50 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t d dh hc cp ps s This command allows you to enable or disable DHCP server for the subnet msubnet dhcps 2 3 4 5 6 On Off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 3 4 5 6 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 5 LAN5 6 LAN6 On Off On means enabling th...

Page 686: ...s for Routing usage Note If you have multiple WAN connections please be reminded to setup a Load Balance policy so that packets from this subnet will be forwarded to the right WAN interface This setting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t g ga at te ew wa ay y This command is used to conf...

Page 687: ... 2 LAN2 3 LAN3 4 LAN4 5 LAN5 6 LAN6 IP counts Specify a total number of IP address allowed for each LAN interface The available range is from 0 to 220 E Ex xa am mp pl le e msubnet ipcnt 2 15 This setting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t t ta al lk k This command is used to establish a...

Page 688: ... startip 2 3 4 5 6 Gateway IP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 3 4 5 6 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 5 LAN5 6 LAN6 Gateway IP Type an IP address as the starting IP address for a subnet E Ex xa am mp pl le e msubnet startip 2 192 168 2 90 Set LAN2 Dhcp Start IP done This setting will take effect after rebooting Please use sys reboot command ...

Page 689: ...3 200 LAN4 192 168 4 200 LAN5 192 168 5 200 LAN6 192 168 6 200 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t n no od de et ty yp pe e This command is used to specify the type for node which is required by DHCP option msubnet nodetype 2 3 4 5 6 count S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 3 4 5 6 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 5 LA...

Page 690: ...ype the IP address as the WINS IP E Ex xa am mp pl le e msubnet primWINS msubnet primWINS 2 3 4 5 6 WINS IP Now LAN2 0 0 0 0 LAN3 0 0 0 0 LAN4 0 0 0 0 LAN5 0 0 0 0 LAN6 0 0 0 0 msubnet primWINS 2 192 168 3 5 Set LAN2 Dhcp Primary WINS IP done msubnet primWINS msubnet primWINS 2 3 4 5 6 WINS IP Now LAN2 192 168 3 5 LAN3 0 0 0 0 LAN4 0 0 0 0 LAN5 0 0 0 0 LAN6 0 0 0 0 T Te el ln ne et t C Co om mm ma...

Page 691: ... s Guide 679 E Ex xa am mp pl le e msubnet secWINS 2 192 168 3 89 Set LAN2 Dhcp Secondary WINS IP done msubnet secWINS msubnet secWINS 2 3 4 5 6 WINS IP Now LAN2 192 168 3 89 LAN3 0 0 0 0 LAN4 0 0 0 0 LAN5 0 0 0 0 LAN6 0 0 0 0 ...

Page 692: ...ftp msubnet tftp 2 3 4 5 6 TFTP server name Now LAN2 LAN3 LAN4 LAN5 LAN6 msubnet tftp 2 publish Set LAN2 TFTP Server Name done msubnet tftp msubnet tftp 2 3 4 5 6 TFTP server name Now LAN2 publish LAN3 LAN4 LAN5 LAN6 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t m mt tu u This command allows you to configure MTU value for LAN DMZ IP Routed Subnet msubnet mtu interface value S Sy y...

Page 693: ...NAME object ip obj INDEX i INTERFACE object ip obj INDEX s INVERT object ip obj INDEX a TYPE START_IP END MASK_IP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description setdefault It means to return to default settings for all profiles INDEX It means the index number of the specified object profile v It means to view the information of the specified object profile Example objec...

Page 694: ... 1 45 object ip obj 1 v IP Object Profile 1 Name marketing Interface Any Address type single Start ip address 192 168 1 45 End Mask ip address 0 0 0 0 Invert Selection 0 T Te el ln ne et t C Co om mm ma an nd d o ob bj je ec ct t i ip p g gr rp p This command is used to integrate several IP objects under an IP group profile object ip grp setdefault object ip grp INDEX v object ip grp INDEX n NAME ...

Page 695: ...INDEX It means to specify IP object profiles for the group profile Example object ip grp 3 a 1 2 3 4 5 The IP object profiles with index number 1 2 3 4 and 5 will be group under such profile E Ex xa am mp pl le e object ip grp 2 n First IP Group Profile 2 Name First Interface Any Included ip object index 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 object ip grp 2 i 1 object ip grp 2 a 1 2 IP Group Profile 2 N...

Page 696: ...1 v n NAME It means to define a name for the IP object NAME Type a name with less than 15 characters Example object ip obj 9 n bruce i INTERFACE It means to define an interface for the IP object INTERFACE 0 means any INTERFACE 1 means LAN INTERFACE 3 means WAN Example object ip obj 8 i 0 s INVERT It means to set invert seletion for the object profile INVERT 0 means disableing the function INVERT 1...

Page 697: ...c cr ri ip pt ti io on n Parameter Description setdefault It means to return to default settings for all profiles INDEX It means the index number of the specified group profile v It means to view the information of the specified group profile Example object ip grp 1 v n NAME It means to define a name for the IP group NAME Type a name with less than 15 characters Example object ip grp 8 n bruce i I...

Page 698: ... object service obj INDEX v object service obj INDEX n NAME object service obj INDEX p PROTOCOL object service obj INDEX s CHK START_P END_P object service obj INDEX d CHK START_P END_P S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description setdefault It means to return to default settings for all profiles INDEX It means the index number of the specified service object profile ...

Page 699: ...ort and ending port values are different it indicates that all the ports except the range defined here are available for this service type 2 larger the port number greater than this value is available 3 less the port number less than this value is available for this profile s CHK START_P END_P It means to set souce port check and configure port range 1 65565 for TCP UDP END_P type a port number to...

Page 700: ...eans the index number of the specified group profile v It means to view the information of the specified group profile Example object service grp 1 v n NAME It means to define a name for the service group NAME Type a name with less than 15 characters Example object service grp 8 n bruce a SER_OBJ_INDEX It means to specify service object profiles for the group profile Example object service grp 3 a...

Page 701: ...ber show It means to show the contents for all of the profiles INDEX It means the index number of the specified keyword profile v It means to view the information of the specified keyword profile n NAME It means to define a name for the keyword profile NAME Type a name with less than 15 characters a CONTENTS It means to set the contents for the keyword profile Example object kw obj 40 a test E Ex ...

Page 702: ... NAME It means to define a name for the file extension object profile NAME Type a name with less than 15 characters e It means to enable the specific CATEGORY or FILE_EXTENSION d It means to disable the specific CATEGORY or FILE_EXTENSION CATEGORY FILE_EXTENSION CATEGORY Image Video Audio Java ActiveX Compression Executation Example object fe obj 1 e Image FILE_EXTENSION bmp dib gif jpeg jpg jpg2 ...

Page 703: ...gory asf avi mov mpe mpeg mpg v mp4 qt rm v wmv 3gp 3gpp 3gpp2 3g2 Audio category v aac v aiff v au v mp3 v m4a v m4p v ogg v ra v ram v vox v wav v wma Java category class jad jar jav java jcm js jse jsp jtk ActiveX category alx apb axs ocx olb ole tlb viv vrm Compression category ace arj bzip2 bz2 cab gz gzip rar sit zip Executation category bas bat com exe inf pif reg scr ...

Page 704: ... type for the specific port AN auto negotiate 100F 100M Full Duplex 100H 100M Half Duplex 10F 10M Full Duplex 10H 10M Half Duplex status It means to view the Ethernet port status sniff on off port txrx restart sta tus 802 1x enable disable statu s addport delport wanfc It means to set WAN flow control E Ex xa am mp pl le e port 1 100F Set Port 1 Force speed 100 Full duplex OK T Te el ln ne et t C ...

Page 705: ... SYN protocol sec Type a number to set the TCP SYN session timeout f It means to flush all portmaps useful for diagnostics l List List all settings E Ex xa am mp pl le e portmaptime t 86400 u 300 i 10 portmaptime l Current setting TCP Timeout 86400 sec UDP Timeout 300 sec IGMP Timeout 10 sec TCP WWW Timeout 60 sec TCP SYN Timeout 60 sec T Te el ln ne et t C Co om mm ma an nd d p pr rn n This comma...

Page 706: ...2 out apply to outgoing traffic only 3 both apply to both incoming and outgoing traffic Default is enable for outgoing traffic i bandwidth It means to set inbound bandwidth in kbps Ethernet WAN only The available setting is from 1 to 100000 o bandwidth It means to set outbound bandwidth in kbps Ethernet WAN only The available setting is from 1 to 100000 r index ratio It means to set ratio for clas...

Page 707: ...s XDSL model don t need to set up Wan 1 is XDSL model don t need to set up WAN1 class 3 ratio set to 20 WAN1 udp bandwidth control set to enable WAN1 udp bandwidth limit ratio set to 50 WAN1 Outbound TCP ACK Prioritizel set to enable QoS WAN1 set complete restart QoS ...

Page 708: ...to delete specified rule no type the index number for the rule m mode It means to enable or disable the specified rule 0 disable 1 enable l addr Set the local address Addr1 It means Single address Please specify the IP address directly for example l 172 16 3 9 addr1 addr2 It means Range address Please specify the IP addresses for example l 172 16 3 9 172 16 3 50 addr1 subnet It means the subnet ad...

Page 709: ...several commands in one line E Ex xa am mp pl le e qos class c 2 n draytek a m 1 l 192 168 1 50 192 168 1 80 Following setting will set in the class2 class 2 name set to draytek Add a rule in class2 Class2 the 1 rule enabled Set local address type to Range 192 168 1 50 192 168 1 80 T Te el ln ne et t C Co om mm ma an nd d q qo os s t ty yp pe e This command allows user to configure protocol type a...

Page 710: ...ommand screen T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w l la an n This command displays current status of LAN IP address settings E Ex xa am mp pl le e show lan The LAN settings ip mask dhcp star_ip pool gateway V LAN1 192 168 1 1 255 255 255 0 V 192 168 1 10 200 192 168 1 1 X LAN2 192 168 2 1 255 255 255 0 V 192 168 2 10 100 192 168 2 1 X LAN3 192 168 3 1 255 255 255 0 V 192 168 3 10 ...

Page 711: ...t Secondary DNS Not set T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w o op pe en np po or rt t This command displays current status of open port setting E Ex xa am mp pl le e show openport Openport settings Index Status Comment Local IP Address No data entry T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w n na at t This command displays current status of NAT E Ex xa am mp pl le e sho...

Page 712: ...nd displays the reuse time of NAT session Level0 It is the default setting Level1 It will be applied when the NAT sessions are smaller than 25 of the default setting Level2 It will be applied when the NAT sessions are smaller than the eighth of the default setting E Ex xa am mp pl le e show pmtime Level0 TCP 86400001 UDP 300001 ICMP 10001 Level1 TCP 600000 UDP 90000 ICMP 7000 Level2 TCP 60000 UDP ...

Page 713: ...INING TX Block 0 RX Block 0 Corrected Blocks 0 Uncorrected Blocks 0 UP Speed 0 Down Speed 0 SNR Margin 0 Loop Att 0 T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w a ad ds sl l This command displays current status of ADSL E Ex xa am mp pl le e Vigor show adsl ATU R Info hw annex A f w annex A Running Mode T1 413 State TRAINING DS Actual Rate 0 bps US Actual Rate 0 bps DS Attainable Rate 0 bp...

Page 714: ... 0 Bytes RX 0 Bytes WAN5 total TX 0 Bytes RX 0 Bytes T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p b ba ad di ip p This command is reserved for future using srv dhcp badip E Ex xa am mp pl le e srv dhcp badip T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p p pu ub bl li ic c This command allows users to configure DHCP server for second subnet srv dhcp public start...

Page 715: ... dn ns s1 1 This command allows users to set Primary IP Address for DNS Server in LAN srv dhcp dns1 srv dhcp dns1 DNS IP address S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description It means to display current IP address of DNS 1 for the DHCP server DNS IP address It means the IP address that you want to use as DNS1 Note The IP Routed Subnet DNS must be the same as NAT Subnet...

Page 716: ... on n Parameter Description It means to display the current status on It means to use manual setting for DNS setting Off It means to use auto settings acquired from ISP E Ex xa am mp pl le e srv dhcp frcdnsmanl on Domain name server now is using manual settings srv dhcp frcdnsmanl off Domain name server now is using auto settings T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p g ga...

Page 717: ...oot router T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p o on n This function allows users to turn on DHCP server It needs rebooting router please type sys reboot command to reboot router T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p r re el la ay y This command allows users to set DHCP relay setting srv dhcp relay servip server ip srv dhcp relay subnet index S ...

Page 718: ...e DHCP server such as IP address MAC address leased time host ID and so on E Ex xa am mp pl le e srv dhcp status DHCP server Relay Agent Default gateway 192 168 1 1 Index IP Address MAC Address Leased Time HOST ID 1 192 168 1 113 00 05 5D E4 D8 EE 17 20 08 A1000351 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p l le ea as se et ti im me e This command can set the lease time for th...

Page 719: ...cp nodetype count 1 B node 2 P node 4 M node 8 H node Now 1 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p p pr ri im mW WI IN NS S This command can set the primary IP address for the DHCP server srv dhcp primWINS WINS IP address srv dhcp primWINS clear S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description WINS IP address It means the IP address of primary WIN...

Page 720: ... v d dh hc cp p e ex xp pi ir re ed d_ _R Re ec cy yc cl le eI IP P This command can set the time to check if the IP address can be assigned again by DHCP server or not srv dhcp expRecycleIP sec time S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description sec time It means to set the time 5 300 seconds for checking if the IP can be assigned again or not E Ex xa am mp pl le e Vig...

Page 721: ...e of this command l It means to display all the user defined DHCP options d idx It means to delete the option number by specifying its index number e 1 or 0 It means to enable disable custom option feature 1 enable 0 disable c It means to set option number Available number ranges from 0 to 255 v It means to set option number by typing string a It means to set the option value by specifying the IP ...

Page 722: ...eter The available commands with parameters are listed below means that you can type in several commands in one line e It means to enable disable such feature 1 enable 0 disable i It means to specify the private IP address of the DMZ host r It means to remove DMZ host setting v It means to display current status E Ex xa am mp pl le e srv nat dmz 1 1 i 192 168 1 96 srv nat dmz v WAN1 DMZ mapping st...

Page 723: ...he range is from 1 to 20 m It means to specify the sub item number for this profile The range is from 1 to 10 command parameter The available commands with parameters are listed below means that you can type in several commands in one line a enable It means to enable or disable the open port rule profile 0 disable 1 enable c comment It means to type the description less than 23 characters for the ...

Page 724: ... Private IP address 0 0 0 0 Index Protocal Start Port End Port Status Disable Comment Private IP address 0 0 0 0 Index Protocal Start Port End Port T Te el ln ne et t C Co om mm ma an nd d s sr rv v n na at t p po or rt tm ma ap p This command allows users to set port redirection table for NAT server srv nat portmap add idx serv name proto pub port pri ip pri port wan1 wan2 srv nat portmap del idx...

Page 725: ...isable idx It means to inactivate the selected port redirection setting enable idx It means to activate the selected port redirection setting flush It means to clear all the port mapping settings table It means to display Port Redirection Configuration Table E Ex xa am mp pl le e srv nat portmap add 1 game tcp 80 192 168 1 11 100 wan1 srv nat portmap table NAT Port Redirection Configuration Table ...

Page 726: ... 0 0 10 0 0 0 0 0 0 0 11 0 0 0 0 0 0 0 12 0 0 0 0 0 0 0 13 0 0 0 0 0 0 0 14 0 0 0 0 0 0 0 15 0 0 0 0 0 0 0 16 0 0 0 0 0 0 0 17 0 0 0 0 0 0 0 18 0 0 0 0 0 0 0 19 0 0 0 0 0 0 0 20 0 0 0 0 0 0 0 MORE q Quit Enter New Lines Space Bar Next Page T Te el ln ne et t C Co om mm ma an nd d s sr rv v n na at t s sh ho ow wa al ll l This command allows users to view a summary of NAT port redirection setting o...

Page 727: ...y the data transmission from the client E Ex xa am mp pl le e switch i 1 traffic on External Device NO 1 traffic statistic function is enable T Te el ln ne et t C Co om mm ma an nd d s sw wi it tc ch h o on n This command is used to turn on the auto discovery for external devices E Ex xa am mp pl le e switch on Enable Extrnal Device auto discovery T Te el ln ne et t C Co om mm ma an nd d s sw wi i...

Page 728: ...e or disable the switch query E Ex xa am mp pl le e switch query on Extern Device status query is Enable switch query off Extern Device status query is Disable T Te el ln ne et t C Co om mm ma an nd d s sy ys s a ad dm mi in n This command is used for RD engineer to access into test mode of Vigor router T Te el ln ne et t C Co om mm ma an nd d s sy ys s a ad dm mi in nu us se er r This command is ...

Page 729: ...er Name carrie User Password test123 T Te el ln ne et t C Co om mm ma an nd d s sy ys s b bo on nj jo ou ur r This command is used to disable enable and configure the Bonjour service sys bonjour command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description e enable It is used to disable enable bonjour service 0 disable 1 enable h enable It is used to disable enable h...

Page 730: ...tus Profile version 3 0 0 Status 1 0x491e5e6c sys cfg default T Te el ln ne et t C Co om mm ma an nd d s sy ys s c cm md dl lo og g This command displays the history of the commands that you have typed E Ex xa am mp pl le e sys cmdlog Commands Log The lowest index is the newest 1 sys cmdlog 2 sys cmdlog 3 sys 4 sys cfg status 5 sys cfg T Te el ln ne et t C Co om mm ma an nd d s sy ys s f ft tp pd ...

Page 731: ...me wan2 intellegent sys domainname sys domainname wan1 wan2 Domain Name Suffix max 40 characters sys domainname wan1 wan2 clear Now wan1 clever wan2 intelligent T Te el ln ne et t C Co om mm ma an nd d s sy ys s i if fa ac ce e This command displays the current interface connection status UP or Down with IP address MAC address and Netmask for the router E Ex xa am mp pl le e sys iface Interface 0 ...

Page 732: ...ion wan1 It means to specify WAN interface for assigning a name for it ASCII string It means the name for router The maximum character that you can set is 20 E Ex xa am mp pl le e sys name wan1 drayrouter sys name sys name wan1 wan2 ASCII string max 20 characters sys name wan1 wan2 clear Now wan1 drayrouter wan2 Note Such name can be used to recognize router s identification in SysLog dialog T Te ...

Page 733: ...router reboot For example if you type 2 in this field the router will reboot with an interval of two hours E Ex xa am mp pl le e sys autoreboot on autoreboot is ON sys autoreboot 2 autoreboot is ON autoreboot time is 2 hour s T Te el ln ne et t C Co om mm ma an nd d s sy ys s c co om mm mi it t This command allows users to save current settings to FLASH Usually current settings will be saved in SR...

Page 734: ...play the system memory status and leakage list E Ex xa am mp pl le e sys qrybuf System Memory Status and Leakage List Buf sk_buff 200B used 1647 cached 30 Buf KMC4088 4088B used 0 cached 8 Buf KMC2552 2552B used 1641 cached 42 Buf KMC1016 1016B used 7 cached 1 Buf KMC504 504B used 8 cached 8 Buf KMC248 248B used 26 cached 22 Buf KMC120 120B used 67 cached 61 Buf KMC56 56B used 20 cached 44 Buf KMC...

Page 735: ...It means to turn on the bridge task for improving the triple play quality off It means to turn off the bridge task E Ex xa am mp pl le e sys britask on bridge task is ON now T Te el ln ne et t C Co om mm ma an nd d s sy ys s t tr r0 06 69 9 This command can set CPE settings for applying in VigorACS sys tr069 get parm option sys tr069 set parm value sys tr069 getnoti parm sys tr069 setnoti parm val...

Page 736: ... VALUE CHANGE 5 5 KICKED 6 6 CONNECTION REQUEST 7 7 TRANSFER COMPLETE 8 8 DIAGNOSTICS COMPLETE 9 M Reboot port port num It means to change tr069 listen port number cert_auth on off on turn on certificate based authentication off turn off certificate based authentication E Ex xa am mp pl le e sys tr069 get Int nextlevel Total number of parameter is 24 Total content length of parameter is 915 Intern...

Page 737: ...rsal sys sip_alg 1 sys sip_alg 0 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 1 It means to turn on SIP ALG 0 It means to turn off SIP ALG E Ex xa am mp pl le e sys sip_alg usage sys sip_alg value 0 disable SIP ALG 1 enable SIP ALG current SIP ALG is disabled T Te el ln ne et t C Co om mm ma an nd d s sy ys s l li ic ce en ns se e This command can process the system l...

Page 738: ...g g_ _l lo og g This command is used for RD debug sys diag_log status enable disable flush lineno w level x feature on off y log S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description status It means to show the status of diagnostic log enable It means to enable the function of diag_log disable It means to disenable the function of diag_log flush It means the flush log buffer l...

Page 739: ...L Status was switched Init 5 to Restart 10 0 00 02 DSL Status was switched Restart 10 to FirmwareRequest 1 0 00 02 DSL Line state has changed 00000000 000000FF 0 00 02 DSL Entering VDSL2 mode 0 00 03 DSL modem code 05 04 08 00 00 06 0 00 05 DSL Status was switched FirmwareRequest 1 to firmwareReady 3 0 00 05 DSL Status was switched firmwareReady 3 to Init 5 0 00 05 DSL nXtseA 0d nXtseB 00 nXtseV 0...

Page 740: ...Duration 0 PortMapEnabled 0 Ftp Example MICROSOFT 1 InternalClient 0 0 0 0 RemoteHost 0 0 0 0 InternalPort 0 ExternalPort 0 PortMapProtocol NULL The tmpvirtual server index 0 PortMapLeaseDuration 0 PortMapEnabled 0 PortMapProtocol NULL The tmpvirtual server index 0 PortMapLeaseDuration 0 PortMapEnabled 0 0 MORE q Quit Enter New Lines Space Bar Next Page T Te el ln ne et t C Co om mm ma an nd d u u...

Page 741: ...968 4a54ca499148 T Te el ln ne et t C Co om mm ma an nd d u up pn np p s su ub bs sc cr ri ib be e This command can show all UPnP services subscribed E Ex xa am mp pl le e upnp on UPNP start upnp subscribe Vigor upnp subscribe 1 serviceType urn schemas microsoft com service OSInfo 1 Subscribtion1 sid 7a2bbdd0 0047 4fc8 b870 4597b34da7fb eventKey 1 ToSendEventKey 1 expireTime 6926 active 1 Delivery...

Page 742: ...ew Lines Space Bar Next Page T Te el ln ne et t C Co om mm ma an nd d u up pn np p w wa an n This command is used to specify WAN interface to apply UPnP upnp wan n S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description n It means to specify WAN interface to apply UPnP n 0 it means to auto select WAN interface n 1 WAN1 n 2 WAN2 E Ex xa am mp pl le e upnp wan 1 use wan1 now T Te ...

Page 743: ...G Y ZTE ZTE MF636 3 5G Y SpinCom SpinCom GPRS Modem 3 5G Y MORE q Quit Enter New Lines Space Bar Next Page T Te el ln ne et t C Co om mm ma an nd d v vi ig gb br rg g o on n This command can make the router to be regarded as a modem but not a router E Ex xa am mp pl le e vigbrg on Enable Vigor Bridge Function T Te el ln ne et t C Co om mm ma an nd d v vi ig gb br rg g o of ff f This command can di...

Page 744: ... the bridge WAN1 management E Ex xa am mp pl le e vigbrg wan1on Enable Vigor Bridge Wan1 management T Te el ln ne et t C Co om mm ma an nd d v vi ig gb br rg g w wa an n1 1o of ff f This command is used to disable the bridge WAN1 management E Ex xa am mp pl le e vigbrg wan1off Disable Vigor Bridge Wan1 management T Te el ln ne et t C Co om mm ma an nd d v vp pn n l l2 2l ls se et t This command al...

Page 745: ...d 10226 T Te el ln ne et t C Co om mm ma an nd d v vp pn n l l2 2l lD Dr ro op p This command allows users to terminate current LAN to LAN VPN connection E Ex xa am mp pl le e vpn l2lDrop T Te el ln ne et t C Co om mm ma an nd d v vp pn n d di in ns se et t This command allows users to configure setting for remote dial in VPN profile vpn dinset list index vpn dinset list index on off vpn dinset li...

Page 746: ...profile active vpn dinset 1 motp on Enable Mobile OTP mode vpn dinset 1 pin_secret 1234 e759bb6f0e94c7ab4fe6 vpn dinset 1 Dial in profile index 1 Profile Name Status Active Mobile OTP Enabled PIN 1234 Secret e759bb6f0e94c7ab4fe6 Idle Timeout 300 sec T Te el ln ne et t C Co om mm ma an nd d v vp pn n s su ub bn ne et t This command allows users to specify a subnet selection for the specified remote...

Page 747: ...x name l2tp_out ip usr pwd nip nmask Command of Dial In vpn setup index name dialin ip usr pwd key nip nmask S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description For PPTP Dial Out index It means the index number of the profile name It means the name of the profile ip It means the IP address to dial to usr pwd It means the user and the password required for the PPTP connection...

Page 748: ...4 192 168 1 0 255 255 255 0 For Dial In index It means the index number of the profile name It means the name of the profile ip It means the IP address allowed to dial in usr pwd It means the user and the password required for the PPTP L2TP connection key It means the value of IPsec Pre Shared Key nip nmask It means the remote network IP and the mask e g vpn setup 1 name1 dialin 1 2 3 4 vigor 1234...

Page 749: ...ile ena It means to enable or disable the profile on Enable off Disable thr It means the way that VPN connection passes through Available settings are wlf wlo w2f and w2o w1f WAN1 First w1o WAN1 Only w2f WAN2 First w2o WAN2 Only nnpkt It means the NetBios Naming Packet on Enable the function to pass the packet off Disable the function to block the packet dir It means the call direction Available s...

Page 750: ...pe 2 means 128kbps ltype 3 means BOD oname It means Dial Out Username oname admin means to set Username admin opwd It means Dial Out Password opwd 1234 means to set Password 1234 pauth It means PPP Authentication pauth pc means to set PPP Authentication PAP CHAP pauth p means to set PPP Authentication PAP Only ovj It means VJ Compression ovj on off means to enable disable VJ Compression okey It me...

Page 751: ...eans to allow VPN dial in with IP address of 203 12 23 48 Type off means any remote IP is allowed to dial in peerid It means the peer ID for Remote VPN Gateway Type draytek means the word is used as local ID iname It means Dial in Username iname admin means to set username as admin ipwd It means Dial in Password ipwd 1234 means to set password as 1234 ivj It means VJ Compression ivj on off means t...

Page 752: ...mote network you have to do mode r means to set Route mode mode n means to set NAT mode droute It means to Change default route to this VPN tunnel Only single WAN supports this droute on off means to enable disable the function E Ex xa am mp pl le e vpn option 1 idle 250 Change Log Idle Timeout 250 T Te el ln ne et t C Co om mm ma an nd d v vp pn n m mr ro ou ut te e This command allows users to l...

Page 753: ... list index net S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description all It means to list configuration of the specified profile com It means to list common settings of the specified profile out It means to list dial out settings of the specified profile in It means to list dial in settings of the specified profile net It means to list Network Settings of the specified profil...

Page 754: ...o keep alive off T Te el ln ne et t C Co om mm ma an nd d v vp pn n r re em mo ot te e This command allows users to enable or disable PPTP IPSec L2TP VPN service vpn remote PPTP IPSec L2TP on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description PPTP IPSec L2TP There are four types to be selected on off on enable VPN remote setting off disable VPN remote setting E Ex xa am...

Page 755: ...ex number of the profile Block Pass Pass Have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting set it block data transmission of Netbios Naming Packet inside the tunnel E Ex xa am mp pl le e vpn NetBios set H2l 1 Pass Remote Dial In Profile Index ...

Page 756: ...nt size MSS PPTP 1400 L2TP 1360 IPSec 1360 L2TP over IPSec 1360 T Te el ln ne et t C Co om mm ma an nd d v vp pn n i ik ke e This command is used to display IKE memory status and leakage list vpn ike q E Ex xa am mp pl le e vpn ike q IKE Memory Status and Leakage List of free L Buffer 95 minimum 94 leak 1 of free M Buffer 529 minimum 529 leak 3 of free S Buffer 1199 minimum 1198 leak 1 of free Msg...

Page 757: ...tunnel vpn pass2nd on vpn pass2nd off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on off on the packets can pass through NAT off the packets cannot pass through NAT E Ex xa am mp pl le e vpn pass2nd on 2nd subnet is allowed to pass VPN tunnel T Te el ln ne et t C Co om mm ma an nd d v vp pn n p pa as ss s2 2n na at t This command allows users to determine if the pack...

Page 758: ...nge is from 1400 to 1600 E Ex xa am mp pl le e wan ppp_mru 1 Now 1492 wan ppp_mru 1 1490 wan ppp_mru 1 Now 1490 wan ppp_mru 1 1492 wan ppp_mru 1 Now 1492 T Te el ln ne et t C Co om mm ma an nd d w wa an n m mt tu u This command allows users to adjust the size of MTU for WAN1 wan mtu value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description value It means the number of MTU fo...

Page 759: ...his command allows you to disable WAN connection E Ex xa am mp pl le e wan disable WAN WAN disabled T Te el ln ne et t C Co om mm ma an nd d w wa an n e en na ab bl le e This command allows you to disable wan connection E Ex xa am mp pl le e wan enable WAN WAN1 enabled T Te el ln ne et t C Co om mm ma an nd d w wa an n f fo or rw wa ar rd d This command allows you to enable or disable the function...

Page 760: ...W IP TX Packets 0 TX Rate Bps 0 RX Packets 0 RX Rate Bps 0 PVC_WAN5 Offline stall N Mode Up Time 00 00 00 IP GW IP TX Packets 0 TX Rate Bps 0 RX Packets 0 RX Rate Bps 0 T Te el ln ne et t C Co om mm ma an nd d w wa an n v vd ds sl l This command allows you to configure display current VDSL status and configure the fallback mode for WAN connection wan vdsl show basic wan vdsl fbk_mode S Sy yn nt ta...

Page 761: ...ping detection The IP address of the target shall be set off It means to enable ARP detection default always_on disable link detect always connected only support static IP target It means to set the ping target ip addr It means the IP address used for detection Type an IP address in this field ttl It means to set the ping TTL value work as trace route If you do not set any value for ttl here or ju...

Page 762: ...d d w wa an n m mv vl la an n This command allows you to configure multi VLAN for WAN and LAN It supports pure bridge mode modem mode between Ethernet WAN and LAN port 2 4 wan mvlan pvc_no status save enable disable on off clear tag tag_no service type vlan priority px Keep Tag S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description pvc_no It means index number of PVC There are ...

Page 763: ...n 7 on p2 p3 p4 PVC Bridge p1 p2 p3 p4 p5 p6 Service Type Tag Priority Keep Tag 7 ON 0 0 1 1 0 0 Normal 0 OFF 0 OFF T Te el ln ne et t C Co om mm ma an nd d w wa an n m mu ul lt ti if fn no o This command allows you to specify a channel in Multi PVC VLAN to make bridge connection to a specified WAN interface wan multifno channel WAN interface wan multifno status S Sy yn nt ta ax x D De es sc cr ri...

Page 764: ...s to enable the settings for SSID1 SSID2 SSID3 and SSID4 disable ssid1 ssid2 ssid3 ssid4 It means to disable the settings for SSID1 SSID2 SSID3 and SSID4 add MAC ssid1 ssid2 ssid3 ssid4 isolate It means to associate a MAC address to certain SSID interfaces access control settings The isolate setting will limit the wireless client s network capabilities to accessing the wireless LAN only MAC format...

Page 765: ...el number wl config preamble enable wl config txburst enable wl config ssid ssid_num enable ssid_name hidden_ssid wl config security SSID_NUMBER mode wl config ratectl ssid_num enable upload download wl config isolate ssid_num lan member S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description mode value It means to select connection mode for wireless connection Available setting...

Page 766: ...index It means to configure security settings for the wirelesss connection SSID_NUMBER Type 1 2 3 or 4 to specify SSID1 SSID2 SSID3 or SSID4 mode Available settings are disable No security wpa1x WPA 802 1x Only wpa21x WPA2 802 1x Only wpamix1x Mixed WPA WPA2 802 1x only wep1x WEP 802 1x Only wpapsk WPA PSK wpa2psk WPA2 PSK wpamixpsk Mixed WPA WPA2 PSK wep WEP key index Moreover you have to add key...

Page 767: ...ble dray SSID Enable Hide_SSID Name 1 1 0 dray Note Please restart wireless after you set the parameters wl config security 1 wpa1x Configured Wlan Security Setting SSID1 Mode wpa1x Wireless card must be reset for configurations to take effect Telnet Command wl restart T Te el ln ne et t C Co om mm ma an nd d w wl l s se et t This command allows users to configure basic wireless settings wl set SS...

Page 768: ...le E Ex xa am mp pl le e wl act on Set Wlan to Enable T Te el ln ne et t C Co om mm ma an nd d w wl l s sc ca an n This command allows users to perform AP scanning wl scan start wl scan set wlist blist stime MAC wl scan del wlist blist MAC wl scan filter ssid channel mac wl scan show 0 1 2 3 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description start It means to start AP scann...

Page 769: ...tart wl scan show 3 T Te el ln ne et t C Co om mm ma an nd d w wl l s st ta am mg gt t This command is used to configure connection time and reconnection time for each SSID that wireless client used for accessing into Internet wl stamgt enable disable ssid_num wl stamgt show ssid_num wl stamgt set ssid_num c r wl stamgt reset ssid_num S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter ...

Page 770: ... es sc cr ri ip pt ti io on n Parameter Description ssid It means the number of SSID 1 SSID1 2 SSID2 3 SSID3 4 SSID4 En It means to enable or disable the function of VPN isolation 0 disable 1 enable E Ex xa am mp pl le e wl iso_vpn 1 on ssid 1 isolate vpn on 1 T Te el ln ne et t C Co om mm ma an nd d w wl l w wp pa a This command allows you to configure WPA wireless settings wl wpa 1 2 3 S Sy yn n...

Page 771: ...isable the ASPD automatic power save delivery function 0 disable 1 enable show It displays current status of WMM QueIdx It means the number of the queue which the WMM settings will be applied to There are four queues best effort background voice and video Aifsn It controls how long the client waits for each data transmission Cwmin Cwmax CWMin means contention Window Min and CWMax means contention ...

Page 772: ... txpower value wl ht antenna value wl ht greenfield value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description wl ht bw value The value you can type is 0 for BW_20 and 1 for BW_40 wl ht gi value The value you can type is 0 for GI_800 and 1 for GI_4001 wl ht badecline value The value you can type is 0 for disabling and 1 for enabling wl ht autoba value The value you can type i...

Page 773: ...nctl 1 Enable wireless botton control Current wireless botton control is on T Te el ln ne et t C Co om mm ma an nd d w wl l i iw wp pr ri iv v w wl l w wl la an nc co on nf fi ig g These two commands are reserved for RD debug Do not use them T Te el ln ne et t C Co om mm ma an nd d w wl l e ef fu us se e This command is used to configure parameters related to wireless RF hardware At present it is ...

Page 774: ...ng idx ip address mask S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description MAC Address It means the MAC address of the host IP address It means the LAN IP address of the host If you want to wake up LAN host by using IP address be sure that that IP address has been bound with the MAC address IP BindMAC on off any It means to enable or disable the function of WOL from WAN on e...

Page 775: ...pe the IP address that you want it to pass l all l userl l ip Show online user all all of the users will be displayed on the screen user name type the user name that you want to view on the screen ip type the IP address that you want to view on the screen o It means to show user account information e g o c user name c all Clear the user record user name type the user name that you want to get clea...

Page 776: ...et time quota It means to set time quota of the user profile e g q 200 r It means to set data quota e g r 1000 w It means to specify the data quota unit MB GB e g w MB s It means to set schedule index Available settings are sch_idx1 sch_idx2 sch_idx3 and sch_idx4 m It means to set the maximum login user number e g m 200 x It means to set external server authentication 0 None 1 LDAP 2 Radius 3 TACA...

Page 777: ...age is used to display NAND Flash usage nand bad is used to display NAND Flash bad blocks S Sy yn nt ta ax x nand bad nand usage E Ex xa am mp pl le e nand usage Show NAND Flash Usage Partition Total Used Available Use cfg 4194304 7920 4186384 0 bin_web 33554432 11869493 21684939 35 cfg bak 4194304 7920 4186384 0 bin_web bak 33554432 11869493 21684939 35 nand bad Show NAND Flash Bad Blocks Block A...

Reviews:

No comments

Related manuals for VigorBX 2000 Series

ICP DAS USA I-7532M-FD User Manual preview
I-7532M-FD
Brand: ICP DAS USA Pages: 48
ICP DAS USA WF-2572 User Manual preview
WF-2572
Brand: ICP DAS USA Pages: 24
ICP DAS USA MSM-508 Quick Start preview
MSM-508
Brand: ICP DAS USA Pages: 4
National Instruments NI 9265 Operating Instructions Manual preview
NI 9265
Brand: National Instruments Pages: 26
National Instruments NI 9203 User Manual And Specifications preview
NI 9203
Brand: National Instruments Pages: 85
National Instruments Module SCXI-1503 User Manual preview
Module SCXI-1503
Brand: National Instruments Pages: 79
Valcom VIP-822 Manual preview
VIP-822
Brand: Valcom Pages: 3
Valcom VIP-814 User Manual preview
VIP-814
Brand: Valcom Pages: 4
Oracle B31003-01 User Manual preview
B31003-01
Brand: Oracle Pages: 112
ICT Protege PRT-PX16-PCB Installation Manual preview
Protege PRT-PX16-PCB
Brand: ICT Pages: 34
Planet ADSL 2/2+ VPN Firewall Router ADE-4300A/B User Manual preview
ADSL 2/2+ VPN Firewall Router ADE-4300A/B
Brand: Planet Pages: 132
APARIAN DH485 Quick Start Manuals preview
DH485
Brand: APARIAN Pages: 2
Aruba IntroSpect Analyzer 2 Series Quick Start Manual preview
IntroSpect Analyzer 2 Series
Brand: Aruba Pages: 5
Netis DL4305 Quick Installation Manual preview
DL4305
Brand: Netis Pages: 16
Juniper EX2500 Quick Start preview
EX2500
Brand: Juniper Pages: 2
StarTech.com ST1000SMPEX Instruction Manual preview
ST1000SMPEX
Brand: StarTech.com Pages: 9
Cyclades AlterPath Manager 2500 Installation, Configuration And User Manual preview
AlterPath Manager 2500
Brand: Cyclades Pages: 368
HMS Anybus AWB3000 Startup Manual preview
Anybus AWB3000
Brand: HMS Pages: 18

Brands by name

Popular brands

Load more brands