background image

 

Vigor2952 Series User’s Guide   

674 

T

T

e

e

l

l

n

n

e

e

t

t

 

 

C

C

o

o

m

m

m

m

a

a

n

n

d

d

:

:

 

 

o

o

b

b

j

j

e

e

c

c

t

t

 

 

i

i

p

p

v

v

6

6

 

 

o

o

b

b

j

j

 

 

This comman is used to create an IP object profile. 

S

S

y

y

n

n

t

t

a

a

x

x

 

 

 

 

object ip obj setdefault 

object ip obj INDEX -v 

object ip obj INDEX -n NAME 

object ip obj INDEX -i INTERFACE 

object ip obj INDEX -s INVERT 

object ip obj INDEX -a TYPE [START_IP] [END/MASK_IP] 

S

S

y

y

n

n

t

t

a

a

x

x

 

 

D

D

e

e

s

s

c

c

r

r

i

i

p

p

t

t

i

i

o

o

n

n

 

 

Parameter Description 

setdefault 

It means to return to default settings for all profiles. 

INDEX 

It means the index number of the specified object profile. 

-v 

It means to view the information of the specified object profile. 
Example: 

object ip obj 1 -v

 

-n NAME 

It means to define a name for the IP object. 
NAME: Type a name with less than 15 characters. 
Example: 

object ip obj 9 -n bruce

 

-i INTERFACE 

It means to define an interface for the IP object. 
INTERFACE=0, means any 
INTERFACE=1, means LAN 
INTERFACE=3, means WAN 
Example: 

object ip obj 8 -i 0

 

-s INVERT 

It means to set invert seletion for the object profile. 
INVERT=0, means disableing the function. 
INVERT=1, means enabling the function. 
Example: 

object ip obj 3 -s 1

 

-a TYPE 

It means to set the address type and IP for the IP object profile. 
TYPE=0, means Mask 
TYPE=1, means Single 
TYPE=2, means Any 
TYPE=3, means Rang 
Example: 

object ip obj 3 -a 2

 

[START_IP]  

When the TYPE is set with 2, you have to type an IP address as a 
starting point and another IP address as end point. 
Type an IP address. 

[END/MASK_IP] 

Type an IP address (different with START_IP) as the end IP address. 

E

E

x

x

a

a

m

m

p

p

l

l

e

e

 

 

 

 

> object ip obj 1 -n marketing 

> object ip obj 1 -a 1 192.168.1.45 

> object ip obj 1 -v 

 IP Object Profile 1 

 Name   :[marketing] 

Summary of Contents for Vigor 2952 series

Page 1: ......

Page 2: ...Vigor2952 Series User s Guide ii Vigor2952 Series Dual WAN Security Firewall User s Guide Version 1 5 Firmware Version V3 8 4 For future update please visit DrayTek web site Date November 17 2016 ...

Page 3: ...warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workma...

Page 4: ...t 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a re...

Page 5: ...0 I 6 2 WAN3 WAN4 USB 39 I 7 Service Activation Wizard 41 I 8 Registering Vigor Router 44 Part II Connectivity 47 II 1 WAN 48 Web User Interface 50 II 1 1 General Setup 50 II 1 1 1 WAN1 Fiber AUTO 51 II 1 1 2 WAN2 Ethernet 53 II 1 1 3 WAN3 WAN4 USB 54 II 1 2 Internet Access 56 II 1 2 1 Details Page for PPPoE in Etherenet WAN1 WAN2 and Fiber WAN1 58 II 1 2 2 Details Page for Static or Dynamic IP in...

Page 6: ...Pv6 Setup 111 II 2 1 3 Details Page for LAN2 LAN8 115 II 2 1 4 Details Page for IP Routed Subnet 116 II 2 2 VLAN 118 II 2 3 Bind IP to MAC 121 II 2 4 LAN Port Mirror 123 II 2 5 Wired 802 1x 124 II 2 6 Web Portal Setup 125 II 2 7 PPPoE Server 128 II 2 8 PoE 129 II 2 8 1 General Setup 129 II 2 8 2 Device Check 130 II 2 8 3 Status 131 II 3 NAT 133 Web User Interface 134 II 3 1 Port Redirection 134 II...

Page 7: ...gnose 194 Application Notes 196 A 1 How to Customize a Secure Route between VPN Router and Remote Router by Using Route Policy 196 A 2 How to Setup Address Mapping 199 A 3 How to setup Load Balance for Packets 203 II 6 Hardware Acceleration 205 Web User Interface 205 II 6 1 Setup 205 Part III Wireless LAN 207 III 1 Wireless LAN 208 Web User Interface 211 III 1 1 Wireless Wizard 211 III 1 2 General...

Page 8: ...up 282 IV 2 2 SSL Web Proxy 283 IV 2 3 SSL Application 285 IV 2 4 User Account 287 IV 2 5 User Group 291 IV 2 6 Online User Status 293 IV 3 Certificate Management 294 Web User Interface 295 IV 3 1 Local Certificate 295 IV 3 2 Trusted CA Certificate 299 IV 3 3 Certificate Backup 301 Part V Security 303 V 1 Firewall 304 Web User Interface 306 V 1 1 General Setup 306 V 1 2 Filter Setup 311 V 1 3 DoS ...

Page 9: ...I 1 10 Management 382 VII 1 11 Self Signed Certificate 386 VI 1 12 Reboot System 388 VI 1 13 Firmware Upgrade 389 VI 1 14 Activation 390 VI 1 15 Internal Service User List 391 VI 2 Bandwidth Management 393 Web User Interface 395 VI 2 1 Sessions Limit 395 VI 2 2 Bandwidth Limit 397 VI 2 3 Quality of Service 399 VI 2 4 APP QoS 406 Application Notes 408 A 1 How to Optimize the Bandwidth through QoS T...

Page 10: ...tween remote devices and Vigor2952 Series 466 A 3 CVM Application How to upgrade CPE firmware through Vigor2952 Series 468 VI 5 Central Management AP 471 Web User Interface 472 VI 5 1 Dashboard 472 VI 5 2 Status 473 VI 5 3 WLAN Profile 474 VI 5 4 AP Maintenance 479 VI 5 5 AP Map 480 VI 5 6 Traffic Graph 483 VI 5 7 Temperature Sensor 484 VI 5 8 Event Log 484 VI 5 9 Total Traffic 485 VI 5 10 Station...

Page 11: ... WAN Disconnection 531 VII 2 USB Application 535 Web User Interface 536 VII 2 1 USB General Settings 536 VII 2 2 USB User Management 537 VII 2 3 File Explorer 539 VII 2 4 USB Device Status 540 VIII 2 5 Temperature Sensor 541 VII 2 6 Modem Support List 543 VII 2 7 SMB Client Support List 544 Application Notes 545 A 1 How can I get the files from USB storage device connecting to Vigor router 545 Par...

Page 12: ... OK or Not 572 VIII 4 Pinging the Router from Your Computer 575 VIII 5 Checking If the ISP Settings are OK or Not 577 VIII 6 Problems for 3G 4G Network Connection 578 VIII 7 Backing to Factory Default Setting If Necessary 579 VIII 8 Contacting DrayTek 580 Appendix I VLAN Applications on Vigor Router 581 Part IX DrayTek Tools 589 IX 1 SmartVPN Client 590 IX 1 1 DrayTek Android based SmartVPN APP fo...

Page 13: ...Vigor2952 Series User s Guide 1 P Pa ar rt t I I I In ns st ta al ll la at ti io on n This part will introduce Vigor router and guide to install the device in hardware and software ...

Page 14: ...ac ct t l lo oc ca al l d di is st tr ri ib bu ut to or r Vigor2952 Series a broadband router integrates IP layer QoS NAT session bandwidth management to help users control works well with large bandwidth By adopting hardware based VPN platform and hardware encryption of AES DES 3DES the router increases the performance of VPN greatly and offers several protocols such as IPSec PPTP L2TP with up to...

Page 15: ...ow power to be supplied to end devices such as Wireless Access Points IP Phones and IP cams directly through the existing LAN cables eliminating costs for additional AC wiring and reducing installation cost PoE connection frees your wireless AP deployment from the restriction due to power outlet location By supplying the power end span you can centralize power distribution and backup without the n...

Page 16: ...a QoS On The QoS function is active On Wireless access point is ready Blinking Ethernet packets are transmitting over wireless LAN WLAN Off The WLAN function is inactive CSM On The profile of CSM Content Security Management for IM P2P application is enabled from Firewall General Setup Such profile is established under CSM menu On Power sourcing equipment for PoE is enabled PoE Off Power sourcing e...

Page 17: ...D Green Blinking The data is transmitting On The port is connected with 1000Mbps WAN2 Right LED Green Off The port is connected with 10 100Mbps On The port is connected Off The port is disconnected Left LED Green Blinking The data is transmitting On The port is connected with 1000Mbps LAN1 LAN4 Right LED Green Off The port is connected with 10 100Mbps ...

Page 18: ...econds to turn off the WLAN function When the wireless function is not ready the LED will be off WPS When WPS function is enabled by web user interface press this button for more than 2 seconds to wait for client s device making network connection through WPS Fiber Connector for accessing the Internet WAN1 WAN2 Connector for remote networked devices LAN1 LAN4 Connectors for local networked devices...

Page 19: ... other end of the cable RJ 45 into the Ethernet port on your computer that device also can connect to other computers to form a small area network 3 Connect the power cord to the router s power port on the rear panel and the other side into a wall outlet 4 Power on the device by pressing down the power switch on the rear panel 5 The system starts to initiate After completing the system test the AC...

Page 20: ...which is suitable for placing the router Make the screw holes on the short side of the bracket aim at the screw holes on the router Next fasten both the bracket and the router with two screws and fasten both the wall and the bracket with another two screws Refer to the following figure Then continue to fasten the screws on the other side of the router and the wall with other screws When you finish...

Page 21: ...PCs connected this router can print documents via the router The example provided here is made based on Windows 7 For other Windows system please visit www DrayTek com Before using it please follow the steps below to configure settings for connected computers or wireless clients 1 Connect the printer with the router through USB parallel port 2 Open All Programs Getting Started Devices and Printers...

Page 22: ...ser s Guide 10 4 A dialog will appear Click Add a local printer and click Next 5 In this dialog choose Create a new port In the field of Type of port use the drop down list to select Standard TCP IP Port Then click Next ...

Page 23: ... User s Guide 11 6 In the following dialog type 192 168 1 1 router s LAN IP in the field of Hostname or IP Address and type 192 168 1 1 as the Port name Then click Next 7 Click Standard and choose Generic Network Card ...

Page 24: ... your system will ask you to choose right name of the printer that you installed onto the router Such step can make correct driver loaded onto your PC When you finish the selection click Next 9 Type a name for the chosen printer Click Next ...

Page 25: ...Vigor2952 Series User s Guide 13 10 Choose Do not share this printer and click Next 11 Then in the following dialog click Finish ...

Page 26: ...Guide 14 12 The new printer has been added and displayed under Printers and Faxes Click the new printer icon and click Printer server properties 13 Edit the property of the new printer you have added by clicking Configure Port ...

Page 27: ...Vigor2952 Series User s Guide 15 14 Select LPR on Protocol type p1 number 1 as Queue Name Then click OK Next please refer to the red rectangle for choosing the correct protocol and LPR name ...

Page 28: ...r additional functions are not supported If you do not know whether your printer is supported or not please visit www draytek com to find out the printer list Open Support FAQ Application Notes find out the link of USB Printer Server and click it Then click the What types of printers are compatible with Vigor router link Note 2 Vigor router supports printing request from computers via LAN ports bu...

Page 29: ...the same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of the guide 2 Open a web browser on your PC and type http 192 168 1 1 The following window will be open to ask for username and password 3 Please type admin admin as the Username Password and click Login Info If you fail to access to the web configu...

Page 30: ...fferent slightly in accordance with the type of the router you have 5 The web page can be logged out according to the chosen condition The default setting is Auto Logout which means the web configuration system will logout after 5 minutes without any operation Change the setting for your necessity ...

Page 31: ...into the web user interface with admin mode 3 Go to System Maintenance page and choose Administrator Password 4 Enter the login password the default is admin on the field of Old Password Type New Password and Confirm Password Then click OK to continue Info The maximum length of the password you can set is 23 characters 5 Now the password has been changed Next time use the new password to access th...

Page 32: ... of the main page A web page with default selections will be displayed on the screen Refer to the following figure I I 5 5 1 1 V Vi ir rt tu ua al l P Pa an ne el l On the top of the Dashboard a virtual panel simulating the physical panel of the router displays the physical interface connection It will be refreshed every five seconds When you move and click the mouse cursor on LEDs except ACT USB ...

Page 33: ...bout the LED display refer to I 1 1 LED Indicators and Connectors I I 5 5 2 2 N Na am me e w wi it th h a a L Li in nk k A name with a link e g Router Name Current Time WAN1 4 and etc below means you can click it to open the configuration page for modification ...

Page 34: ...ed under Quick Access The function links of System Status Dynamic DDNS TR 069 User Management IM P2P Block Schedule Syslog Mail Alert LDAP RADIUS Firewall Object Setting and Data Flow Monitor are displayed here Move your mouse cursor on any one of the links and click on it The corresponding setting page will be open immediately In addition quick access for VPN security settings such as Remote Dial...

Page 35: ... indicates that the traffic would be transmitted through LAN port s and then the WAN port The purpose is to perform the traffic monitor of the host s I I 5 5 4 4 G GU UI I M Ma ap p All the functions the router supports are listed with table clearly in this page Users can click the function link to access into the setting page of the function for detailed configuration Click the icon on the top of...

Page 36: ...elnet command via DOS prompt The changes made by using web console have the same effects as modified through web user interface The functions settings modified under Web Console also can be reviewed on the web user interface Click the Web Console icon on the top of the main screen to open the following screen ...

Page 37: ...e Config Backup icon It allows you to backup current settings as a file Such configuration file can be restored by using System Maintenance Configuration Backup Simply click the icon on the top of the main screen and a pop up dialog will appear Click Save to store the setting I I 5 5 7 7 L Lo og go ou ut t Click this icon to exit the web user interface ...

Page 38: ...e e S St ta at tu us s I I 5 5 8 8 1 1 P Ph hy ys si ic ca al l C Co on nn ne ec ct ti io on n Such page displays the physical connection status such as LAN connection status WAN connection status ADSL information and so on Physical Connection for IPv4 Protocol ...

Page 39: ... Enable Yes in red means such interface is available but not enabled Yes in green means such interface is enabled Line Displays the physical connection Ethernet or USB of this interface Name Display the name of the router Mode Displays the type of WAN connection e g PPPoE Up Time Displays the total uptime of the interface IP Displays the IP address of the WAN interface GW IP Displays the IP addres...

Page 40: ...reen means such interface is enabled No in red means such interface is not available Mode Displays the type of WAN connection e g TSPC Up Time Displays the total uptime of the interface IP Displays the IP address of the WAN interface Gateway IP Displays the IP address of the default gateway Info The words in green mean that the WAN connection of that interface is ready for accessing Internet the w...

Page 41: ...er typing the password please click Next On the next page as shown below please select the WAN interface WAN 1 to WAN4 that you use If fiber connection is made please choose WAN1 if Ethernet interface is used please choose WAN1 WAN2 if 3G 4G USB modem is used please choose WAN3 or WAN4 For Ethernet WAN2 choose Auto negotiation as the physical type for your router WAN1 WAN4 will bring up different ...

Page 42: ...ormation from your ISP For example you should select PPPoE mode if the ISP provides you PPPoE interface Available settings are explained as follows Item Description Display Name Type a name for the router I I 6 6 1 1 1 1 P PP PP Po oE E PPPoE stands for Point to Point Protocol over Ethernet It relies on two widely accepted standards PPP and Ethernet It connects users through an Ethernet to the Int...

Page 43: ...e Username Assign a specific valid user name provided by the ISP Note The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you can set is 62 characters Confirm Password Retype the password Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Cl...

Page 44: ...r the Username Password provided by your ISP Click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 45: ...et Access Type 2 Click PPTP L2TP as the Internet Access Type Then click Next to continue Available settings are explained as follows Item Description Username Assign a specific valid user name provided by the ISP The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP The maximum length of the password you can set is 62 characters ...

Page 46: ...address for the router Second DNS Type in secondary IP address for necessity in the future PPTP Server L2TP Server Type the IP address of the server Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 Please type in the IP address mask gateway information originally provided by your ISP Then click Next...

Page 47: ...nternet Access type Simply click Next to continue Available settings are explained as follows Item Description WAN IP Type the IP address Subnet Mask Type the subnet mask Gateway Type the IP address of gateway Primary DNS Type in the primary IP address for the router Secondary DNS Type in secondary IP address for necessity in the future Back Click it to return to previous setting page Next Click i...

Page 48: ... wizard 3 Please type in the IP address information originally provided by your ISP Then click Next for next step 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 49: ...ype Simply click Next to continue Available settings are explained as follows Item Description Host Name Type the name of the host The maximum length of the host name you can set is 39 characters MAC Some Cable service providers specify a specific MAC address for access authentication In such cases you need to enter the MAC address Back Click it to return to previous setting page Next Click it to ...

Page 50: ...uick start wizard 3 After finished the settings above click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 51: ...e settings are explained as follows Item Description Internet Access Choose one of the selections as the protocol of accessing the internet 3G 4G USB Modem PPP mode SIM Pin code Type PIN code of the SIM card that will be used to access Internet The maximum length of the pin code you can set is 15 characters Modem Initial String Such value is used to initialize USB modem Please use the default valu...

Page 52: ... access Internet Network Mode Force Vigor router to connect Internet with the mode specified here If you choose 4G 3G 2G as network mode the router will choose a suitable one according to the actual wireless signal automatically APN Name APN means Access Point Name which is provided and required by some ISPs 3 Then click Next for viewing summary of such connection 4 Click Finish A page of Quick St...

Page 53: ... tool which allows you to use trial version of WCF directly without accessing into the server MyVigor located on http myvigor draytek com For using Web Content Filter Profile please refer to later section Web Content Filter Profile for detailed information Now follow the steps listed below to activate WCF feature for your router Info Such function is available only for Admin Mode 1 Open Wizards Se...

Page 54: ...ldwide There is a 30 day trial period After trial you can purchase DrayTek s prepared Commtouch GlobalView WCF package from retailing outlets BPjM is WCF for German Speaking users The fragfINN is whitelist for German Speaking users The BPjM is ideal for your family to provide more Internet security for youngsters Web Content Filter fragFINN service will not be supported since January 1 2015 4 Sett...

Page 55: ...ll be activated and applied as the default rule configured in Firewall General Setup 6 Now the web page will display the service that you have activated according to your selection s The valid time for the free trial of these services is one month When all the trial editions for various web content filters had been enabled the configuration page of Service Activation Wizard will be invalid as show...

Page 56: ...o register your Vigor router to MyVigor website for getting more service Please follow the steps below to finish the router registration 1 Please login the web configuration interface of Vigor router by typing admin admin as User Name Password 2 Click Support Area Production Registration from the home page 3 A Login page will be shown on the screen Please type the account and password that you cre...

Page 57: ... this page please click Add or Product Registration 5 When the following page appears please type in Nickname for the router and choose the right registration date from the popup calendar it appears when you click on the box of Registration Date After adding the basic information for the router please click Submit 6 When the following page appears your router information has been added to the data...

Page 58: ...Vigor2952 Series User s Guide 46 ...

Page 59: ...of subnets regulated and ruled by router The design of network structure is related to what type of public IP addresses coming from your ISP When the data flow passing through the Network Address Translation NAT function of the router will dedicate to translate public private addresses and the packets will be delivered to the correct host PC in the local area network DNS LAN DNS UPnP IGMP WOL RADI...

Page 60: ...ublic private addresses and the packets will be delivered to the correct host PC in the local area network Thus all the host PCs can share a common Internet connection G Ge et t Y Yo ou ur r P Pu ub bl li ic c I IP P A Ad dd dr re es ss s f fr ro om m I IS SP P In ADSL deployment the PPP Point to Point style authentication and authorization is required for bridging customer premises equipment CPE ...

Page 61: ... still can be used and Load Balance can be done in the router Besides 3G 4G USB Modem in WAN3 WAN4 also can be used as backup device Therefore when WAN1 and WAN2 are not available the router will use 3 5G for supporting automatically The supported 3G 4G USB Modem will be listed on DrayTek web site Please visit www draytek com for more detailed information ...

Page 62: ...ion port for proper operation Please configure WAN1 WAN2 WAN3 and WAN4 settings This webpage allows you to set general setup for WAN1 WAN2 WAN3 and WAN4 respectively In default WAN2 is disabled If you want to enable it simply click the WAN2 link and select Yes in the field of Enable Available settings are explained as follows Item Description Load Balance Mode This option is available for multiple...

Page 63: ...ical mode and physical type of such WAN interface Line Speed Kbps DownLink UpLink Display the downstream and upstream rate of such WAN interface Active Mode Display whether such WAN interface is Active device or backup device Backup WAN Display the backup WAN interface for such WAN when it is disabled Info In default each WAN port is enabled After finished the above settings click OK to save the s...

Page 64: ...y Type the packet priority number for such VLAN The range is from 0 to 7 Active Mode Choose Always On to make the WAN1 connection being activated always Load Balance Check this box to enable auto load balance function for such WAN interface When the data traffic is large the WAN interface with the function enabled will balance the data transmission automatically among all of the WAN interfaces in ...

Page 65: ... the system Line Speed If your choose According to Line Speed as the Load Balance Mode please type the line speed for downloading and uploading for such WAN interface The unit is kbps VLAN Tag insertion Enable Enable the function of VLAN with tag The router will add specific VLAN number to all packets on the WAN while sending them out Please type the tag value and specify the priority for the pack...

Page 66: ...de the option of Active When will appear Any of the selected WAN disconnect Such WAN connection will be activated when any selected WAN interface checked below disconnects All of the selected WAN disconnect Such WAN connection will be activated only when all of selected WAN interfaces checked below disconnect Check boxes for WAN1 to WAN4 Specify the WAN interface by checking the WAN box After fini...

Page 67: ...o make the WAN connection as a backup connection WAN Failure When the active WAN failed such WAN will be activated as the main network connection Traffic Threshold When the data traffic of active WAN reaches the traffic threshold specified here the failover WAN will be enabled automatically to share the overloaded data traffic Active When If you choose Failover as the Active Mode the option of Act...

Page 68: ...N function the users can set different WAN settings for WAN1 WAN2 WAN3 WAN4 for Internet Access Due to different Physical Mode for WAN interface the Access Mode for these connections also varies Refer to the following figures And And Available settings are explained as follows Item Description Index Display the WAN interface ...

Page 69: ...ed on Physical Mode to setup IPv6 Internet Access Mode for WAN interface If IPv6 service is active on this WAN interface the color of IPv6 will become green Advanced This button allows you to configure DHCP client options DHCP packets can be processed by adding option number and data information when such function is enabled and configured Enable Check the box to enable the function of DHCP Option...

Page 70: ... you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid ISP Access Setup Enter your allocated username password and authentication parameters according to the information provided by your ISP Service Name Optional Enter the description of the specific network service Username Type in the username provided by ISP in this field The maximum ...

Page 71: ...h MTU size start from Determine the starting point value of the packet Default setting is 1500 MTU reduce size by It determines the decreasing size of MTU value For example the number specified in this field is 8 The maximum MTU size is 1500 After clicking the detect button the system will calculate and get the suitable MTU value such as 1500 1492 1484 and etc automatically Detect Click it to dete...

Page 72: ... IP Address Default MAC Address You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC Address for the router Specify a MAC Address Type the MAC address for the router manually After finishing all the settings here please click OK to activate them I II I 1 1 2 2 2 2 D De et ta ai il ls s P Pa ag ge e f fo or r S St ta at ti ic c o or r D Dy yn na am mi ic c I ...

Page 73: ...nction PING to the IP If you enable the PING function please specify the IP address for the system to PING it for keeping alive PING Interval Enter the interval for the system to execute the PING operation WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect or Always On for th...

Page 74: ...TU RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables information Click Enable RIP for activating this function Bridge Mode Enable Bridge Mode If the function is enabled the router will work as a bridge modem Enable Firewall It is available when Bridge Mode is enabled When both Bridge Mode and Firewall check boxes are enabled the ...

Page 75: ... Identifier for some ISP Enable Check the box to specify username and password as the DHCP client identifier for some ISP Username Type a name as username The maximum length of the user name you can set is 63 characters Password Type a password The maximum length of the password you can set is 62 characters Specify an IP address Click this radio button to specify some data if you want to use Stati...

Page 76: ...Server IP Address Type in the primary IP address for the router if you want to use Static IP mode If necessary type in secondary IP address for necessity in the future After finishing all the settings here please click OK to activate them ...

Page 77: ...the connection through PPTP or L2TP Server Address Specify the IP address of the PPTP L2TP server if you enable PPTP L2TP client mode Specify Gateway IP Address Specify the gateway IP address for DHCP server ISP Access Setup Username Type in the username provided by ISP in this field The maximum length of the user name you can set is 63 characters Password Type in the password provided by ISP in t...

Page 78: ...signment Method IPCP WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 32 public IP addresses other than the current one you are using Fixed IP Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the same...

Page 79: ...t 3G 4G USB Modem PPP mode for WAN5 The following web page will be shown Available settings are explained as follows Item Description Modem Support List It lists all of the modems supported by such router 3G 4G USB Modem PPP mode Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid SIM PIN co...

Page 80: ... 63 characters PPP Password Type the PPP password optional The maximum length of the password you can set is 62 characters PPP Authentication Select PAP only or PAP or CHAP for PPP Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page and you can use the number that you have set in that web ...

Page 81: ...ned as follows Item Description Modem Support List It lists all of the modems supported by such router 3G 4G USB Modem DHCP mode Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid SIM PIN code Type PIN code of the SIM card that will be used to access Internet The maximum length of the PIN c...

Page 82: ...After clicking it the detected value will be displayed in the field of MTU WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection If you choose Ping Detect as the detection mode you have to type required settings for the following items...

Page 83: ...an have the public IPv6 address for Internet access by means of the generated prefix No need to type any other information for PPP mode Available settings are explained as follows Item Description WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose Always On or Ping Detect for the system to execute for WAN detection...

Page 84: ... you to connect to IPv6 network easily Please make sure your IPv4 WAN connection is OK and apply one free account from hexago http gogonet gogo6 com page freenet6 account before you try to use TSPC for network connection TSPC would connect to tunnel broker and requests a tunnel according to the specifications inside the configuration file It gets a public IPv6 IP address and an IPv6 prefix from th...

Page 85: ...Broker Type the address for the tunnel broker IP FQDN or an optional port number WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Always On means no detection will be executed The network connection will be on always Ping IP Hostname If you choo...

Page 86: ...assword The maximum length of the name you can set is 19 characters Password Type the password assigned with the user name The maximum length of the password you can set is 19 characters Tunnel Broker It means a server of AICCU The server can provide IPv6 tunnels to sites or end users over IPv4 Type the address for the tunnel broker IP FQDN or an optional port number Tunnel ID One user account may...

Page 87: ...tect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live If you choose Ping Detect as detection mode you have to type TTL value After finished the above settings click OK to save the settings ...

Page 88: ...Detect or NS Detect for the system to execute for WAN detection With NS Detect mode the system will check if network connection is established or not like IPv4 ARP Detect Always On means no detection will be executed The network connection will be on always Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live If you cho...

Page 89: ...nt will be ignored And all of the filter rules defined and enabled in Firewall menu will be activated Bridge Subnet Make a bridge between the selected LAN subnet and such WAN interface After finished the above settings click OK to save the settings ...

Page 90: ...ngth Add Click it to add a new entry Delete Click it to remove an existed entry Current IPv6 Address Table Display current interface IPv6 address Static IPv6 Gateway Configuration IPv6 Gateway Address Type your IPv6 gateway address here WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose Always On or Ping Detect or ...

Page 91: ...and such WAN interface After finished the above settings click OK to save the settings I II I 1 1 2 2 1 12 2 D De et ta ai il ls s P Pa ag ge e f fo or r I IP Pv v6 6 6 6i in n4 4 S St ta at ti ic c T Tu un nn ne el l i in n W WA AN N1 1 W WA AN N2 2 This type allows you to setup 6in4 Static Tunnel for WAN interface Such mode allows the router to access IPv6 network through IPv4 network However 6i...

Page 92: ...to execute for WAN detection Always On means no detection will be executed The network connection will be on always Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live If you choose Ping Detect as detection mode you have to type TTL value After finished the above settings click OK to save the settings Below shows an ex...

Page 93: ...ask Length Type a number of high order bits that are identical across all CE IPv4 addresses within a given 6rd domain It may be any value between 0 and 32 6rd Prefix Type the 6rd IPv6 address 6rd Prefix Length Type the IPv6 prefix length for the 6rd IPv6 prefix in number of bits WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Dete...

Page 94: ...Vigor2952 Series User s Guide 82 Below shows an example for successful IPv6 connection based on 6rd mode ...

Page 95: ...ess web user interface and can not be configured here Channels 5 8 are configurable Enable Display whether the settings in this channel are enabled Yes or not No WAN Type Displays the physical medium that the channel will use VLAN Tag Displays the VLAN tag value that will be used for the packets traveling on this channel Port based Bridge The network traffic flowing on each channel will be identif...

Page 96: ...s the VLAN ID number Valid settings are in the range from 1 to 4095 The network traffic flowing on each channel will be identified by the system via their VLAN Tags Channels using the same WAN type may not configure the same VLAN tag value Priority Choose the number to determine the packet priority for such VLAN The range is from 0 to 7 Bridge mode Enable Click it to enable Bridge mode for such ch...

Page 97: ...uilt upon In the Multi PVC application only the Ethernet WAN type is available The user will be able to select the physical WAN interface the channel shall use here General Settings VLAN Tag Type the value as the VLAN ID number Valid settings are in the range from 1 to 4095 The network traffic flowing on each channel will be identified by the system via their VLAN Tags Channels using the same WAN ...

Page 98: ...nd authentication parameters according to the information provided by your ISP ISP Name Type in the name of your ISP Username Type in the username provided by ISP in this field The maximum length of the name you can set is 80 characters Password Type in the password provided by ISP in this field The maximum length of the password you can set is 48 characters PPP Authentication Select PAP only or P...

Page 99: ...er s Guide 87 the router if you want to use Static IP mode If necessary type in secondary IP address for necessity in the future After finished the above settings click OK to save the settings and return to previous page ...

Page 100: ...performed correctly I II I 1 1 4 4 1 1 G Ge en ne er ra al l S Se et tu up p Click WAN1 WAN2 WAN3 WAN4 link to open the following web page Available settings are explained as follows Item Description Enable Check the box to enable such function Quota Limit Type the data traffic quota allowed for such WAN interface There are two unit MB and GB offered for you to specify When quota exceeded Check th...

Page 101: ...stom This setting allows the user to define the billing cycle according to his request The WAN budget will be reset with an interval of billing cycle Custom Monthly is default setting If long period or a short period is required use Custom The period of cycle duration is between 1 day and 60 days You can determine the cycle duration by specifying the days and the hours In addition you can specify ...

Page 102: ...usage If the WAN budget is exhausted a lock will be displayed on the page if Shutdown WAN interface is selected Which means no data transmission will be carried out Moreover the system will send out a warning message to the administrator if Mail Alert is selected Or the system will send out SMS message to the administrator if SMS message is selected ...

Page 103: ... for each other via existing IPv4 network environment The IPv6 packets will be encapsulated with the header of IPv4 first Later the packets will be transformed and judged by IPv4 router Once the packets arrive the border between IPv4 and IPv6 the header of IPv4 on the packets will be removed Then the packets with IPv6 address will be forwarded to the destination of IPv6 network Translation Such fe...

Page 104: ...supporting IPv6 service 2 In the following figure use the drop down list to choose a proper connection type Different connection types will bring out different configuration page Refer to the following PPP Dual Stack application IPv4 and IPv6 services can be utilized at the same time Choose PPP and type the information for PPPoE of IPv4 ...

Page 105: ...de 93 Access into the setting page for IPv6 service it is not necessary for you to configure anything Click OK and open Online Status If the connection is successful you will get the IP address for IPv4 and IPv6 at the same time ...

Page 106: ...Vigor2952 Series User s Guide 94 ...

Page 107: ...nformation for TSPC service Info While using such mode you have to make sure the IPv4 network connection is normal In the following figure the TSPC information is obtained from http gogo6 com after applied for the service Click OK and open Online Status If the connection is successful the physical connection will be shown as follows ...

Page 108: ...nfo While using such mode you have to make sure the IPv4 network connection is normal In the following figure the AICCU information is obtained from https www sixxs net main after applied for the service Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 109: ... s Guide 97 DHCPv6 Client Choose DHCPv6 Client Click one of the identity associations and type the IAID number Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 110: ...ies User s Guide 98 Static IPv6 Choose Static IPv6 Type IPv6 address Prefix Length and Gateway Address Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 111: ... Static Tunnel Choose 6in4 Static Tunnel Type remote endpoint IPv4 address 6in4 IPv6 Address LAN Routed Prefix and Tunnel TTL Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 112: ... User s Guide 100 6rd Choose 6rd Type IPv4 Border Relay IPv4 Mask Length 6rd Prefix and 6rd Prefix Length Click OK and open Online Status If the connection is successful the physical connection will be shows as follows ...

Page 113: ...router s client get the IPv6 address 1 Access into the web user interface of Vigor2952 Open LAN General Setup Click the IPv6 button 2 In the field of DHCPv6 Server Configuration when DHCPv6 service is enabled you can assign available IPv6 address for the client manually Info When both mechanisms are enabled the client can determine which mechanism to be used e g the default mechanism for Windows7 ...

Page 114: ...e command of ipconfig Refer to the following figure From the above figure we can see IPv6 IP address has been captured by the system 2 Use the Ping command to ping any IPv6 address indicating an IPv6 website For example www kame net is a website supporting IPv4 IP and IPv6 IP services Its IPv6 address is seen with a format of 2001 200 dff fff1 216 3eff feb1 44d7 After getting the above message it ...

Page 115: ...ype an URL of IPv6 e g www kame net If your computer accesses into the website by using IPv6 address you may see a turtle dancing on the screen If not only a steady turtle will be seen If you can see a turtle dancing on the screen that means IPv6 service is ready for you to access and utilize ...

Page 116: ... the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address to each local host See the following diagram for a briefly understanding In some special case you may have a public IP subnet from your ISP such as 220 135 240 0 24 This means that you can set up a pu...

Page 117: ... St ta at ti ic c R Ro ou ut te e When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other method You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP W Wh ha at t a ar re e V Vi ir rt tu ua al l L LA AN Ns s a an nd d R Ra at te e C Co on...

Page 118: ...pen the LAN settings page and choose General Setup There are several subnets provided by the router which allow users to divide groups into different subnets LAN1 LAN6 In addition different subnets can link for each other by configuring Inter LAN Routing At present LAN1 setting is fixed with NAT mode only LAN2 LAN6 can be operated under NAT or Route mode IP Routed Subnet can be operated under Rout...

Page 119: ...DHCP LAN1 is configured with DHCP in default If required please check the DHCP box for each LAN IP Address Display the IP address for each LAN item Such information is set in default and you can not modify it Details Page Click it to access into the setting page Each LAN will have different LAN configuration page Each LAN must be configured in different subnet IPv6 Click it to access into the sett...

Page 120: ...ption Next Server IP Address SIAddr Type the IP address for the next server Vigor router s DHCP server can redirect clients to a secondary server specified in such field Option Number Type a number for such function DataType Choose the type ASCII or Hex or address list for the data to be stored Data Type the content of the data to be processed by the function of DHCP option Inter LAN Routing Check...

Page 121: ...n Available settings are explained as follows Item Description Network Configuration For NAT Usage IP Address Type in private IP address for connecting to a local private network Default 192 168 1 1 Subnet Mask Type in an address code that determines the size of the network Default 255 255 255 0 24 LAN IP Alias If you want to make devices surf the Internet through different WAN and make the decisi...

Page 122: ...th when issuing IP addresses If the 1st IP address of your router is 192 168 1 1 the starting IP address must be 192 168 1 2 or greater but smaller than 192 168 1 254 IP Pool Counts Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to The default is 50 and the maximum is 253 Gateway IP Address Enter a value of the gateway IP address for the DHCP server The value ...

Page 123: ...e Primary IP and Secondary IP Address fields are left empty the router will assign its own IP address to local users as a DNS proxy server and maintain a DNS cache If the IP address of a domain name is already in the DNS cache the router will resolve the domain name immediately Otherwise the router forwards the DNS query packet to the external DNS server by establishing a WAN e g DSL Cable connect...

Page 124: ... Use the drop down list to specify a WAN interface for IPv6 Static IPv6 Address IPv6 Address Type static IPv6 address for LAN Prefix Length Type the fixed value for prefix length Add Click it to add a new entry Delete Click it to remove an existed entry Unique Local Address ULA configuration Such feature is used for the host without assigned IPv6 address to obtain IPv6 address automatically or hav...

Page 125: ... shall be assigned after communicating with DHCPv6 server for answering the request of client Off No IP address is assigned Other Option O bit Check this box to enable the O bit for obtaining additional information e g DNS from DHCPv6 DHCPv6 Server Enable Server Click it to enable DHCPv6 server DHCPv6 Server could assign IPv6 address to PC according to the Start End IPv6 address configuration Disa...

Page 126: ... defines the interval between minimum time and maximum time for sending RA Router Advertisement packets Default Lifetime sec Within such period of time Vigor2952 can be treated as the default gateway Default Preference It determines the priority of the host behind the router when RA Router Advertisement packets are transmitted MTU It means Max Transmit Unit for packet If Auto is selected the route...

Page 127: ...atically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network Enable Server Let the router assign IP address to every host in the LAN Disable Server Let you manually assign IP address to every host in the LAN Enable Relay Agent If you want to use anoth...

Page 128: ...client only uses the IP for say 5 minutes the server still reserves 1 day for that client Because a DHCP server only has a limited number of IPs to lease to its DHCP clients soon enough all the IPs will be used out and then no one will be able to get any IPs from this server anymore Therefore this feature is used to get the IP back from inactive clients i e doesn t use the IP but the server still ...

Page 129: ...starting IP address must be 192 168 1 2 or greater but smaller than 192 168 1 254 IP Pool Counts Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to The default is 50 and the maximum is 253 Lease Time Enter the time to determine how long the IP address assigned by DHCP server can be used Use LAN Port Specify an IP for IP Route Subnet If it is enabled DHCP server...

Page 130: ...riorities for LAN side QoS You can assign each of VLANs to each of the different IP subnets that the router may also be operating to provide even more isolation The said functionality is tag based multi subnet P Po or rt t B Ba as se ed d V VL LA AN N Relative to tag based VLAN which groups clients with an identifier port based VLAN uses physical ports P1 P4 to separate the clients into different ...

Page 131: ...e range is from 0 to 7 Permit untagged device in P1 to access router It can help users to communicate with the router still even though configuring wrong VLAN tag setting It is recommended to enable the management port LAN 1 to ensure the data transmission is unimpeded Info Leave one VLAN untagged at least to prevent from not connecting to Vigor router due to unexpected error Vigor2952 Series feat...

Page 132: ...AN Routing by checking the box between LAN1 and LAN2 Vigor router supports up to six private IP subnets on LAN Each can be independent isolated or common able to communicate with each other This is ideal for departmental or multi occupancy applications Info As for the VLAN applications refer to Appendix I VLAN Application on Vigor Router for more detailed information ...

Page 133: ... MAC to open the setup page Available settings are explained as follows Item Description Enable Click this radio button to invoke this function However IP MAC which is not listed in IP Bind List also can connect to Internet Disable Click this radio button to disable this function All the settings on this page will be invalid Strict Bind Click this radio button to block the connection of the IP MAC...

Page 134: ...address typed in Add and Edit to the table of IP Bind List Update It allows you to edit and modify the selected IP address and MAC address that you create before Delete You can remove any item listed in IP Bind List Simply click and select the one and click Delete The selected item will be removed from the IP Bind List IP Bind List It displays a list for the IP bind to MAC information Backup Store...

Page 135: ...ting equipments to be set up Second it may be able to view traffic on one or more ports within a VLAN at the same time Third it can transfer all data traffics to be mirrored to one analyzer connecting to the mirroring port Last it is more convenient and asy to configure in user s interface Available settings are explained as follows Item Description Port Mirror Check Enable to activate this functi...

Page 136: ...e Authentication Protocol Authenticator relies on the RADIUS Server in its authentication process Each LAN port with Wired 802 1x configured will only forward 802 1x packets and block all other packets until the authentication has successfully completed Available settings are explained as follows Item Description Enable Check the box to enable LAN 802 1x function Authentication Type Use the drop d...

Page 137: ...ed web page through this router That is a company which wants to have an advertisement for its products to users can specify the URL in this page to reach its goal Each item is explained as follows Item Description Profile Display the number link which allows you to configure the profile Status Display the content Disable URL Redirect or Message of the profile Interface Display the applied interfa...

Page 138: ...redirected to the URL specified here first It is a useful method for the purpose of advertisement For example force the wireless user s in hotel to access into the web page that the hotel wants the user s to visit Message Type words or sentences here The message will be displayed on the screen for several seconds when the wireless users access into the web page through the router Default Message C...

Page 139: ...ty If User Management refer to VII 3 User Management mode and such web portal profile are configured and enabled for filtering users you have to determine which one shall have the highest priority Override user management Web portal profile will be used to filter users first Prefer user management User Management profile will be used to filter users first Applied Interfaces Check the box es repres...

Page 140: ...mechanism which can authenticate LAN users configured in User Management User Profile and prevent ARP attack completely Available settings are explained as follows Item Description PPPoE Server Enable Activate the built in PPPoE Server Disable Disable the built in PPPoE Server Primary DNS Secondary DNS Type the IP address es of Primary Secondary DNS server for PPPoE Client s in LAN ...

Page 141: ... automatically and the power limit for each port will be managed by Vigor router Manual The power supply for each PoE Port LAN 1 to LAN4 can be configured one by one In addition the power limit for PoE port must be determined respectively Disabled Disable the PoE function on Vigor router No power will be offered to each PoE Port Syslog Enable Check it to record related PoE log onto Syslog Port Dis...

Page 142: ...escription Port Display the number representing LAN Port 1 2 3 4 Enable Check the box to enable device check function for the specific LAN port Ping IP Address Type the IP address of the device for device ping Ping Interval Seconds Specify the time interval for device check Retry Time Specify the retry times when Ping action fails Failure Action If the device connected and powered by PoE LAN port ...

Page 143: ...nt of current between the powered device and PoE port Status Display if any device connecting to such PoE port or not Power Cycle Apply When a device connects to such PoE port such device will be shut off and powered on again by clicking this Apply button Port Priority The total power 60Watt for these PoE LAN ports is consistent and fixed Therefore it is necessary to specify the priority for each ...

Page 144: ...Vigor2952 Series User s Guide 132 Refresh Reload the record ...

Page 145: ...lic IP address and the router will do the inversion based on its table Therefore the internal host can communicate with external host smoothly The benefit of the NAT includes Save cost on applying public IP address and apply efficient usage of IP address NAT allows the internal IP addresses of local hosts to be translated into one public IP address thus you can have only one IP address on behalf o...

Page 146: ...ess domain name are recognized by all users Since the server is actually located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping private IP address port of the server The port redirection can only apply to inco...

Page 147: ...N IP address used by the profile Protocol Display the transport layer protocol TCP or UDP Public Port Display the port number which will be redirected to the specified Private IP and Port of the internal host Private IP Display the IP address of the internal host providing the service Status Display if the profile is enabled v or not x Press any number under Index to access into next page for conf...

Page 148: ...lick IP Object link to create a new one for applying Private IP Specify the private IP address of the internal host providing the service If you choose Range as the port redirection mode you will see two boxes on this field Type a complete IP address in the first box as the starting point The second one will be assigned automatically later Private Port Specify the private port number of the servic...

Page 149: ...Vigor2952 Series User s Guide 137 ...

Page 150: ...s will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually helps some special applications such as Netmeeting or Internet Games etc The security properties of NAT are somewhat bypassed if you set up DMZ host We suggest you to add additional filter rules or a secondary firewall Click DMZ Host to open the fol...

Page 151: ...ess will be shown on the screen Click OK to save the setting DMZ Host for WAN2 WAN3 or WAN4 is slightly different with WAN1 Active True IP selection is available for WAN1 only See the following figure If you previously have set up WAN Alias for PPPoE or Static or Dynamic IP mode in WAN2 interface you will find them in Aux WAN IP for your selection Available settings are explained as follows Item D...

Page 152: ...ts of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the screen Click OK to save the setting After finishing all the settings here please click OK to save the configuration ...

Page 153: ...ou want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network service WAN Interface Display the WAN interface used by such index Aux WAN IP Display the IP alias setting used by such index If no IP alias setting exists such field will not appear Source IP Display the source IP address ...

Page 154: ...IP Object link to create a new one for applying The port set here will be open for the packet coming from the source IP forever Private IP Enter the private IP address of the local host or click Choose PC to select one Choose IP Click this button and subsequently a window having a list of private IP addresses of local hosts will automatically pop up Select the appropriate IP address of the local h...

Page 155: ...tween open port and port triggering is Once the OK button is clicked and the configuration has taken effect open port keeps the ports opened forever Once the OK button is clicked and the configuration has taken effect port triggering will only attempt to open the ports once the triggering conditions are met The duration that these ports are opened depends on the type of protocol used The default d...

Page 156: ...coming data of such triggering profile Incoming Port Display the port for the incoming data of such triggering profile Status Display if the rule is active or de active Click the index number link to open the configuration page Available settings are explained as follows Item Description Enable Check to enable this entry Service Choose the predefined service to apply for such trigger profile Comme...

Page 157: ...rt range for such triggering profile Incoming Protocol When the triggering packets received it is expected the incoming packets will use the selected protocol Select the protocol TCP UDP or TCP UDP for the incoming data of such triggering profile Incoming Port Type the port or port range for the incoming packets After finishing all the settings here please click OK to save the configuration ...

Page 158: ...pecified private IP address S Sc ch he ed du ul le e The Vigor router has a built in clock which can update itself manually or automatically by means of Network Time Protocols NTP As a result you can not only schedule the router to dialup to the Internet at a specified time but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours say bu...

Page 159: ...outer is NAT Traversal This enables applications inside the firewall to automatically open the ports that they need to pass through a router W Wa ak ke e o on n L LA AN N A PC client on LAN can be woken up by the router it connects When a user wants to wake up a specified PC through the router he she must type correct MAC address of the specified PC on this web page of Wake on LAN WOL of this rout...

Page 160: ...co ou un nt t 1 Assume you have a registered domain name from the DDNS provider say hostname dyndns org and an account with username test and password test 2 Open Applications Dynamic DNS 3 Check Enable Dynamic DNS Setup Available settings are explained as follows Item Description Enable Dynamic DNS Setup Check this box to enable DDNS function Set to Factory Default Clear all profiles and recover ...

Page 161: ...ble settings are explained as follows Item Description Enable Dynamic DNS Account Check this box to enable the current account If you did check the box you will see a check mark appeared on the Active column of the previous web page in step 2 WAN Interface WAN1 WAN2 WAN3 WAN4 First While connecting the router will use WAN1 WAN2 WAN3 WAN4 as the first channel for such account If WAN1 WAN2 WAN3 WAN4...

Page 162: ...r and use the detected IP address for DDNS update There are two methods offered for you to choose WAN IP If it is selected and the WAN IP of Vigor router is private DDNS update will take place right away Internet IP If it is selected and the WAN IP of Vigor router is private it will be converted to public IP before DDNS update takes place 5 Click OK button to activate the settings You will see you...

Page 163: ...p FTP Mail or Web server inside LAN you can specify specific private IP address es to correspondent servers Thus even the remote PC is adopting public DNS as the DNS server the LAN DNS resolution on Vigor2952 Series will respond the specified private IP address Simply click Application LAN DNS to open the following page Each item is explained as follows Item Description Set to Factory Default Clea...

Page 164: ...iled settings with index 1 are shown below Available settings are explained as follows Item Description Enable Check this box to enable such profile Profile Type a name for such profile Note If you type a name here for LAN DNS and click OK to save the configuration the name also will be applied to conditional DNS forwarding automatically Domain Name Type the domain name for such profile CNAME Alia...

Page 165: ...ck OK button to save the settings 4 If you need to configure LAN DNS settings click index 1 to edit the LAN DNS profile just created Or you can click index 2 to use this profile as conditional DNS forwarding Available settings are explained as follows Item Description Enable Check this box to enable such profile Profile Type a name for such profile Note If you type a name here for conditional DNS ...

Page 166: ...le Check the box to enable the DNS security management Interface There are four WAN interfaces allowed to be set with DNS security enabled Primary DNS Display the IP address of primary DNS obtained from DHCP server or specified by Static WAN Secondary DNS Display the IP address of secondary DNS obtained from DHCP server or specified by Static WAN Bogus DNS Reply Sometime Vigor router might encount...

Page 167: ...ngs are explained as follows Item Description Domain Type the domain name and IP address IPv4 IPv6 that you want to query Interface Specify the interface required for executing diagnose DNS Server Type the IP address of the DNS Server which will diagnose the domain specified above Diagnose Click it to perform the diagnosis for the domain Result The diagnosed information will be displayed on such f...

Page 168: ...clock to current time of your PC The clock will reset once if you power down or reset the router There is another way to set up time You can inquiry an NTP server a time server on the Internet to synchronize the router s clock This method can only be applied when the WAN connection has been built up Available settings are explained as follows Item Description Set to Factory Default Clear all profi...

Page 169: ...l on demand and the value of idle timeout should be specified in Idle Timeout field Disable Dial On Demand Specify the connection to be up when it has traffic on the line Once there is no traffic over idle timeout the connection will be down and never up again during the schedule Idle Timeout Specify the duration or period for the schedule How often Specify how often the schedule will be applied O...

Page 170: ...ed network users I II I 4 4 5 5 1 1 E Ex xt te er rn na al l R RA AD DI IU US S The built in RADIUS client feature enables the router to assist the remote dial in user or a wireless station and the RADIUS server in performing mutual authentication It enables centralized remote access authentication for network management Vigor router can be operated as a RADIUS client Therefore this page is used t...

Page 171: ...server which performs security authentication by itself This page is used to configure settings for internal RADIUS server Then LAN user of Vigor router will be authenticated by Vigor router directly Available settings are explained as follows Item Description Enable Check to enable internal RADIUS client feature Authentication Port Set a port number for internal RADIUS server RADIUS Client Access...

Page 172: ... the process of security authentication user account and user password will be required for identity authentication Before configuring such page create at least one user profile in User Management User Profile first Select All Click it to select all of the user profiles in Available List Clear All Click to remove all of the user profiles in Available List Available List The user profiles without R...

Page 173: ... Description Enable Check to enable TACACS feature Server IP Address Enter the IP address of TACACS server Destination Port The UDP port number that the TACACS server is using Shared Secret The TACACS server and client share a secret that is used to authenticate the messages sent between them Both sides must be configured to use the same shared secret Confirm Shared Secret Re type the Shared Secre...

Page 174: ...ablished by the work team of Internet Engineering Task Force IETF As the name described LDAP is designed as an effect way to access directory service without the complexity of other directory service protocols For LDAP is defined to perform inquire and modify the information within the directory and acquire the data in the directory securely therefore users can apply LDAP to search or list the dir...

Page 175: ...ty For the regular mode you ll need to type in the Regular DN and Regular Password Server Address Enter the IP address of LDAP server Destination Port Type a port number as the destination port for LDAP server Use SSL Check the box to use the port number specified for SSL Regular DN Type this setting if Regular Mode is selected as Bind Type Regular Password Specify a password if Regular Mode is se...

Page 176: ...r most LDAP server is cn Base Distinguished Name Group Distinguished Name Type or edit the distinguished name used to look up entries on the LDAP server Sometimes you may forget the Distinguished Name since it s too long Then you may click the button to list all the account information on the AD LDAP Server to assist you finish the setup Additional Filter Type the condition for additional filter A...

Page 177: ... Control Service or Connection Status Service Default WAN It is used to specify the WAN interface for applying such function The reminder as regards concern about Firewall and UPnP Can t work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly This is because these applications will block the accessing ability of some network ports Secu...

Page 178: ...t In addition such function is available in NAT mode IGMP Snooping Check this box to enable this function Multicast traffic will be forwarded to ports that have members of that group Disabling IGMP snooping will make multicast traffic treated in the same manner as broadcast traffic Refresh Click this link to renew the working multicast group status Group ID This field displays the ID port for the ...

Page 179: ...lable settings are explained as follows Item Description Wake by Two types provide for you to wake up the binded IP If you choose Wake by MAC Address you have to type the correct MAC address of the host in MAC Address boxes If you choose Wake by IP Address you have to choose the correct IP address IP Address The IP addresses that have been configured in Firewall Bind IP to MAC will be shown in thi...

Page 180: ...e content is and when the SMS will be sent Available settings are explained as follows Item Description Index Check the box to enable such profile SMS Provider Use the drop down list to choose SMS service provider You can click SMS Provider link to define the SMS server Recipient Type the name of the one who will receive the SMS Notify Profile Use the drop down list to choose a message profile The...

Page 181: ... Mail Service Option If there is no object listed click Mail Service link to define a new one with specified service provider Recipient Type the e mail address of the one who will receive the notification message Notify Profile Use the drop down list to choose a message profile The recipient will get the content stated in the message profile You can click the Notify Profile link to define the cont...

Page 182: ...on e g IP setting If the host and user s computer have the plug in bonjour driver install they can utilize the service offered by the router by clicking the router name icon In short what the Clients users need to know is the name of the router only To enable the Bonjour service click Applications Bonjour to open the following page Check the box es of the server service s that you want to share to...

Page 183: ...stem Maintenance Management Type a name as the Router Name and click OK 4 Next open Applications Bonjour Check the service that you want to use via Bonjour 5 Open the DNSSD page again The available items will be changed as the follows It means the Vigor router based on Bonjour protocol is ready to be used as a printer server FTP server SSH Server Telnet Server and HTTP Server ...

Page 184: ...Vigor2952 Series User s Guide 172 6 Now any page or document can be printed out through Vigor router installed with a printer ...

Page 185: ...sing performed by the failed component the primary to the backup component the secondary This process remains system wide resources recovers partial of failed transactions and restores the system to normal within a few seconds To configure High Availability on at least two DrayTek routers Enable High Availability on the Primary and Secondary routers Set a high Priority ID number on the Primary rou...

Page 186: ...ription Enable High Abailablity Check this box to enable HA function Redundancy Method Choose Hot Standby or Active Standby as the method for HA Hot Standby Such method is suitable for a user which has one ISP account With such method All WANs of secondary routers will be shut down by HA ...

Page 187: ...Active Standby Such method is suitable for a user which has multiple ISP accounts With such method All WANs of secondary routers can be up Therefore the user can route it s traffic to secondary WAN settings of primary and secondary routers must not be the same The Config Sync must be disabled or you cannot change redundancy method to active standby I II I 4 4 1 12 2 1 1 G Ge en ne er ra al l S Se ...

Page 188: ...ion key maximum 31 characters allowed It is used for encrypting the DARP to prevent malicious attack Protocol Choose IPv4 or IPv6 Management Interface Such interface is used for DARP DrayTek Address Redundancy Protocol negotiation between routers Only the interface which is enabled in LAN General Setup is available for selection However LAN1 is always enabled Update DDNS Enable Check the box to up...

Page 189: ...ption Enable Config Sync Max Sync to 10 routers Check this box to enable configuration synchronization To sync configuration from primary to secondary router both primary and seconday routers need to enable config sync Note that config sync can be enabled by Hot Standby redundancy method only Config Sync Interval Day Hour Minute Primary router will sync its configuration to secondary router based ...

Page 190: ...ed as primary device the lower Vigor2952 is regarded as secondary device When primary Vigor2952 Series is broken down the secondary device could replace the primary role to take over all jobs as soon as possible However once the primary device is working again the secondary device would be changed to original role to stand by ...

Page 191: ...red 802 1x authentication User Profile Select All Click it to select all of the profiles under Available List Clear All Click it to remove all of the profiles under Authentication List Sync User Profile Make the enabling disabling setting for both Internal RADIUS and Local 802 1X synchronize for all of the user profiles User Management User Profile For example if Local 802 1x is configured as Enab...

Page 192: ...nabled previously OK Click it to save the settings Clear Click it to remove previous setting configuration Cancel Click it to give up all settings configuration When you finish the configuration please click OK to save and exit this page ...

Page 193: ...s into the web user interface of the Vigor router 2 Open Applications Active Directory LDAP to get the following page for configuring LDAP related settings There are three types of bind type supported Simple Mode Just simply do the bind authentication without any search action Anonymous Perform a search action first with Anonymous account then do the bind authentication Regular Mode Mostly it is t...

Page 194: ...Vigor2952 Series User s Guide 182 and 4 Click OK to save the settings above 5 Open User Management General Setup Select User Based as the Mode option ...

Page 195: ...n VPN and Remote Access PPP General Setup to check the profile s that will be authenticated with LDAP server After above configurations users belong to either rd1 or shrd group can access Internet after inputting their credentials on LDAP server ...

Page 196: ...interface Specify Interface Through dedicated interface WAN LAN VPN the data can be sent from the source IP to the destination IP Address Mapping Allows you specify the outgoing WAN IP address es for an internal private IP address or a range of internal private IP addresses Priority The router will determine which policy will be adopted for transmitting the packet according to the priority of Stat...

Page 197: ...I II I 5 5 1 1 1 1 S St ta at ti ic c R Ro ou ut te e f fo or r I IP Pv v4 4 Available settings are explained as follows Item Description Index The number 1 to 30 under Index allows you to open next page to set up static route Destination Address Displays the destination address of the static route Status Displays the status of the static route Set to Factory Default Clear all of the settings and ...

Page 198: ...ernal Router B 192 168 1 3 have set Main Router 192 168 1 1 as the default gateway for the Router A 192 168 1 2 Before setting Static Route user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router 1 Go to LAN page and click General Setup select 1st Subnet as the RIP Protocol Control Then click the OK button Info There are two reasons that we ...

Page 199: ...on IP Address Type an IP address as the destination of such static route Subnet Mask Type the subnet mask for such static route Gateway IP Address Type the gateway IP addres for such static route Network Interface Use the drop down list to specify an interface for such static route 3 Return to Static Route Setup page Click on another Index Number to add another static route as show below which reg...

Page 200: ...atic route Status Displays the status of the static route Set to Factory Default Clear all of the settings and return to factory default settings Viewing IPv6 Routing Table Displays the routing table for your reference Click any underline of index number to get the following page Available settings are explained as follows Item Description Enable Click it to enable this profile Destination IPv6 Ad...

Page 201: ...face Address Display the WAN IP or WAN IP alias address which is used as source IP of the outgoing packets Src IP Start Displays the IP address for the start of the source IP Src IP End Displays the IP address for the end of the source IP Dest IP Start Displays the IP address for the start of the destination IP Dest IP End Displays the IP address for the end of the destination IP Dest Port Start D...

Page 202: ...he LAN will be passed through the WAN interface Destination IP Any Any IP can be treated as the destination IP Dest IP Start Type the destination IP start for the specified WAN interface Dest IP End Type the destination IP end for the specified WAN interface If this field is blank it means that all the destination IPs will be passed through the WAN interface 3 Click Next to get the following page ...

Page 203: ...ilable settings are explained as follows Item Description Force NAT Force Routing It determines which mechanism that the router will use to forward the packet to WAN 5 After choosing the mechanism click Next to get the summary page for reference 6 If there is no error click Finish to complete wizard setting ...

Page 204: ...s policy Criteria Protocol Use the drop down menu to choose a proper protocol for the WAN interface Source IP Any Any IP can be treated as the source IP Src IP Start Type the source IP start for the specified WAN interface Src IP End Type the source IP end for the specified WAN interface If this field is blank it means that all the source IPs inside the LAN will be passed through the WAN interface...

Page 205: ...mitted based on all routes or Route Policy Vigor router will determine which rule will be adopted for transmitting the packet according to the priority of Static Route and Route Policy The greater the value is the lower the priority is Default value for route policy is 200 which means it has higher priority than the default route More options Packet Forwarding to WAN via When you choose WAN e g WA...

Page 206: ...er analyze how multiple packets in a specified file will be sent by a route policy Packet Information Specify the nature of the packets to be analyzed by Vigor router ICMP UDP TCP ANY Specify a protocol for diagnosis Src IP Type an IP address as the source IP Dst IP Type an IP address as the destination IP Dst Port Use the drop down list to specify the destination port Analyze Click it to perform ...

Page 207: ...b of analyzing The analyzed result will be shown on the page If required click export analysis to export the result as a file Note that the analysis was based on the current load balance route policy settings we do not guarantee it will be 100 the same as the real case ...

Page 208: ...evised later Example 1 In the following figure a LAN to LAN VPN tunnel is built between DrayTek VPN router e g Vigor2952 Series and the remote router Firewall Router can receive all of the traffic coming from remote PC which wants to access into Internet and send back the packets to Remote Router through VPN Router 1 Establish a VPN tunnel between VPN Router and the Remote Router 2 Change to defau...

Page 209: ...t value is fixed as 250 And Routes in Routing Table are fixed as 150 You can adjust the value for such route policy with lower value e g 100 to ensure it will be applied to packets transmission with the highest priority 5 After finished the above settings click OK to save the configuration 6 To route the packets coming from the Firewall Router back to the remote router access into the web user int...

Page 210: ...e created by the side of Router A to break through the Internet censorship circumvention A VPN tunnel has been established between Router A and router B 1 Access into the web user interface of Router A 2 Open Load Balance Route Policy 3 Click any index number e g 1 in this case 4 In the following web page check Enable type 192 168 1 10 as Src IP Range type 213 57 89 100 as the Destination IP for t...

Page 211: ... will be mapped into either 202 211 100 10 or 203 98 200 10 which IP or mapping is decided by the internal load balancing algorithm With address mapping feature you can manually configure any host mapping to any WAN interface to fit the request In the above example you can configure NAT Host 1 to always map to 202 211 100 10 WAN1 Host 2 to always map to 202 211 100 11 WAN1 alias Host 3 always map ...

Page 212: ... of WAN 1 to open the following page From the above figure set main WAN IP address as 202 211 100 10 Click the WAN IP Alias button to configure the other IP address which is 202 211 100 11 Make sure Join IP NAT Pool is not checked Click OK to save the settings ...

Page 213: ...es User s Guide 201 4 After finished configuration for WAN1 open Load Balance Route Policy 5 Click Index number 1 and 2 to configure the details After finished the settings click OK to save the settings respectively ...

Page 214: ...s User s Guide 202 And 6 Upon completing the above configuration you have specified the outgoing IP address es for some specific computers Now you bind some specific computers to some WAN IP alias for outgoing traffic ...

Page 215: ...he following figure shows a simple application of load balance WAN1 and WAN2 can be used to access into Internet The PC in LAN1 can send the data to the remote PC through the specified WAN1 1 Access into web user interface of Vigor2952 Series Open Load Balance Route Policy General Setup 2 From the following web page simply click index number 1 ...

Page 216: ...st IP Start and Dest IP End with 203 65 1 35 and 203 65 1 35 choose WAN1 as the Interface click default gateway 4 After finished the above settings click OK to save the configuration Now the packets sent to the remote PC IP address 203 65 1 35 will be forced to pass through WAN1 ...

Page 217: ...ssion is getting slowly and slowly you can configure this page to accelerate the data streaming by hardware itself Open Hardware Acceleration to access into the following page Available settings are explained as follows Item Description Mode Auto When the hardware acceleration is configured with the Auto mode the sessions with the heaviest loading and the lower latency traffic will be added into P...

Page 218: ...sions into the PPA For the PPA only support s128 sessions these hosts will share these sessions Therefore the performance will be lower than only one host Choose this option to specify certain PCs on LAN to apply the hardware acceleration Enable Check the box to make PC s specified in the selected index entry to be applied Dest Port Start Type the starting port for the PC s in LAN Dest Port End Ty...

Page 219: ...ser s Guide 207 P Pa ar rt t I II II I W Wi ir re el le es ss s L LA AN N Wireless LAN enables high mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well as Internet access ...

Page 220: ...wired LAN as well as Internet access Vigor2952 wireless router is a highly integrated wireless local area network WLAN for 2 4 GHz 802 11n WLAN applications Vigor2952 n series router supports 802 11n up to 300 Mbps for 40 MHz channel operations Info The actual data throughput will vary according to the network conditions and environmental factors including volume of network traffic network overhea...

Page 221: ...may consider using WPA for the most secure connection You should select the appropriate security mechanism according to your needs No matter which security suite you select they all will enhance the over the air data protection and or privacy on your wireless network The Vigor wireless router is very flexible and can support multiple secure connections with both WEP and WPA at the same time Info T...

Page 222: ... Series User s Guide 210 W WP PS S WPS Wi Fi Protected Setup provides easy procedure to make network connection between wireless station and wireless access point vigor router with the encryption of WPA and WPA2 ...

Page 223: ...page will be used for internal users in a company or your home Available settings are explained as follows Item Description Name Type the SSID name of this router for wireless 2 4GHz The default name is defined with DrayTek Change the name if required Mode At present the router can connect to 11b Only 11n Only 11g Only Mixed 11b 11g Mixed 11g 11n and Mixed 11b 11g 11n stations simultaneously Simpl...

Page 224: ...on Available settings are explained as follows Item Description Enable Disable Click it to enable or disable settings in this page SSID Type the SSID name of this router SSID1 Security Key The wireless mode offered by this wizard is WPA2 PSK The WPA encrypts each frame transmitted from the radio using the key which either PSK Pre Shared Key entered manually in this field below or automatically neg...

Page 225: ...ies User s Guide 213 4 After typing the required information click Next 5 The following page will display the configuration summary for wireless setting 6 Click Finish to complete the wireless settings configuration ...

Page 226: ...ously Simply choose Mixed 11b 11g 11n mode Channel Means the channel of frequency of the wireless LAN The default channel is 6 You may switch channel if the selected channel is under serious interference If you have no idea of choosing the frequency please select Auto to let system determine for you Hide SSID Check it to prevent from wireless sniffing and make it harder for unauthorized clients or...

Page 227: ... for each other VPN Check this box to make the wireless clients stations with different VPN not accessing for each other Schedule Set the wireless LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Schedule setup The default setting of this field is blank and the function will always work After finishing all the settings h...

Page 228: ...security mode is provided and stated on the label pasted on the bottom of the router For the wireless client who wants to access into Internet through such router please input the default PSK value for connection By clicking the Security a new web page will appear so that you could configure the settings of WPA and WEP Available settings are explained as follows Item Description Mode There are sev...

Page 229: ...d be entered in PSK WPA The WPA encrypts each frame transmitted from the radio using the key which either PSK Pre Shared Key entered manually in this field below or automatically negotiated via 802 1x authentication Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by 0x such as 0x321253abcde Pre Shared Key PSK Either 8 63 ASCII characters such as 012345678 or 64 Hexa...

Page 230: ...to enable the MAC Address filter for wireless LAN identified with SSID 1 to 4 respectively All the clients expressed by MAC addresses listed in the box can be grouped under different wireless LAN For example they can be grouped under SSID 1 and SSID 2 at the same time if you check SSID 1 and SSID 2 MAC Address Filter Display all MAC addresses that are edited before Client s MAC Address Manually en...

Page 231: ...ss access point vigor router with the encryption of WPA and WPA2 Info WPS is available for the wireless station with WPS supported It is the simplest way to build connection between wireless network clients and vigor router Users do not need to select any encryption mode and type any long encryption passphrase to setup a wireless client every time He she only needs to press a button on wireless cl...

Page 232: ...art PBC button of network card If you want to use PIN code you have to know the PIN code specified in wireless client Then provide the PIN code of the wireless client you wish to connect to the vigor router For WPS is supported in WPA PSK or WPA2 PSK mode if you do not choose such mode in Wireless LAN Security you will see the following message box Please click OK and go back Wireless LAN Security...

Page 233: ...ode of the router Only WPA2 PSK and WPA PSK support WPS Configure via Push Button Click Start PBC to invoke Push Button style WPS setup procedure The router will wait for WPS requests from wireless clients about two minutes The WPS LED on the router will blink fast when WPS is in progress It will return to normal condition after two minutes You need to setup WPS within two minutes Configure via Cl...

Page 234: ...bridge interface The application for the WDS Repeater mode is depicted as below The major difference between these two modes is that while in Repeater mode the packets received from one peer AP can be repeated to another peer AP through WDS links Yet in Bridge mode packets received from a WDS link will only be forwarded to local wired or wireless hosts In other words only Repeater mode can do WDS ...

Page 235: ...following page will be shown Available settings are explained as follows Item Description Mode Choose the mode for WDS setting Disable mode will not invoke any WDS setting Bridge mode is designed to fulfill the first type of application Repeater mode is for the second one ...

Page 236: ...sses are allowed to be entered in this page at one time Yet please disable the unused link to get better performance If you want to invoke the peer MAC address remember to check Enable box in the front of the MAC address after typing Repeater If you choose Repeater as the connecting mode please type in the peer MAC address in these fields Four peer MAC addresses are allowed to be entered in this p...

Page 237: ...ng devices of 802 11a b g Channel Bandwidth 20 the router will use 20Mhz for data transmission and receiving between the AP and the stations 20 40 the router will use 20Mhz or 40Mhz for data transmission and receiving according to the station capability Such channel can increase the performance for data transit 20 40 80 the router will use 20Mhz 40Mhz or 80Mhz for data transmission and receiving a...

Page 238: ...DRIVE refer to the following picture of Vigor N61 wireless utility window choose Enable for TxBURST on the tab of Option Note means the real transmission rate depends on the environment of the network Antenna Vigor router can be attached with two antennas to have good data transmission via wireless connection However if you have only one antenna attached please choose 1T1R Tx Power Set the power p...

Page 239: ...e wireless performance Set the RTS threshold of wireless radio Do not modify default value if you don t know what it is default value is 2347 Country Code Vigor router broadcasts country codes by following the 802 11d standard However some wireless stations will detect scan the country code to prevent conflict occurred If conflict is detected wireless station will be warned and is unable to make n...

Page 240: ...e of the APs on the wireless LAN Yet only the AP which is in the same channel of this router can be found Please click Scan to discover all the connected APs Available settings are explained as follows Item Description Scan It is used to discover all the connected AP The results will be shown on the box above this button Statistics It displays the statistics for the channels used by APs Add to If ...

Page 241: ... with its status code There is a code summary below for explanation For convenient Access Control you can select a WLAN station and click Add to Access Control below Available settings are explained as follows Item Description Refresh Click this button to refresh the status of station list Add Click this button to add current typed MAC address into Access Control ...

Page 242: ...and will not occupy the wireless network for a long time Available settings are explained as follows Item Description SSID Display the SSID that the wireless station will use it to connect with Vigor router Enable Check the box to enable the station control function Connection Time Reconnection Time Use the drop down list to choose the duration for the wireless client connecting reconnecting to Vi...

Page 243: ...mit is determined according to the limitation of the wireless client Total Upload Limit It is available when Auto Adjustment is selected Type a value to define the maximum data traffic uploading for all of the wireless clients connecting to Vigor2952 Total Download Limit It is available when Auto Adjustment is selected Type a value to define the maximum data clientstations connecting to Vigor2952 ...

Page 244: ...Vigor2952 Series User s Guide 232 This page is left blank ...

Page 245: ... a manner that emulates the properties of a point to point private link It is a form of VPN that can be used with a standard Web browser A digital certificate works as an electronic ID which is issued by a certification authority CA It contains information such as your name a serial number expiration dates etc and the digital signature of the certificate issuing authority so that a recipient can v...

Page 246: ...the Internet In short by VPN technology you can send data between two computers across a shared or public network in a manner that emulates the properties of a point to point private link The VPN built is suitable for Communication between home office and customer Secure connection between Teleworker staff on business trip and main office Exchange data between remote office and main office POS bet...

Page 247: ...r VPN dial out connection from server to client step by step 1 Open Wizards VPN Client Wizard The following page will appear Available settings are explained as follows Item Description LAN to LAN Client Mode Selection Choose the client mode Route Mode NAT Mode If the remote network only allows you to dial in with single IP please choose NAT mode otherwise please choose Route Mode Please choose a ...

Page 248: ...pes provided here Different type will lead to different configuration page After making the choices for the client profile please click Next You will see different configurations based on the selection s you made Info The following descriptions for VPN Type are based on the Route Mode specified in LAN to LAN Client Mode Selection When you choose PPTP None Encryption or PPTP Encryption you will see...

Page 249: ...Vigor2952 Series User s Guide 237 When you choose IPsec you will see the following graphic ...

Page 250: ...Vigor2952 Series User s Guide 238 When you choose L2TP you will see the following graphic When you choose L2TP over IPsec Nice to Have or L2TP over IPsec Must you will see the following graphic ...

Page 251: ...le connecting the router will use WAN1 WAN2 WAN3 WAN4 as the only channel for VPN connection WAN1 Only Only establish VPN if WAN2 down If WAN2 failed the router will use WAN1 for VPN connection WAN2 Only Only establish VPN if WAN1 down If WAN1 failed the router will use WAN2 for VPN connection Always On Check to enable router always keep VPN connection Server IP Host Name for VPN Type the IP addre...

Page 252: ...lgorithm from Data Encryption Standard DES Triple DES 3DES and AES User Name This field is used to authenticate for connection when you select PPTP or L2TP with or without IPsec policy above The length of the user name is limited to 11 characters Password This field is used to authenticate for connection when you select PPTP or L2TP with or without IPsec policy above The length of the password is ...

Page 253: ...d Remote Access Connection Management for viewing VPN Connection status Do another VPN Server Wizard Setup Click this radio button to set another profile of VPN Server through VPN Server Wizard View more detailed configuration Click this radio button to access VPN and Remote Access LAN to LAN for viewing detailed configuration ...

Page 254: ... please choose Site to Site VPN Remote Dial in User You can manage remote access by maintaining a table of remote user profile so that users can be authenticated to dial in via VPN connection Please choose a LAN to LAN Profile This item is available when you choose Site to Site VPN LAN to LAN as VPN server mode Please choose a Dial in User Accounts This item is available when you choose Remote Dia...

Page 255: ...making the choices for the server profile please click Next You will see different configurations based on the selection you made Here we take the examples of choosing Site to Site VPN as the VPN Server Mode When you check PPTP you will see the following graphic When you check PPTP IPsec L2TP three types or PPTP IPsec two types or L2TP with Policy Nice to Have Must you will see the following graph...

Page 256: ... type a pre shared key The length of the name is limited to 64 characters Confirm Pre Shared Key Type the pre shared key again for confirmation Digital Signature X 509 Check the box of Digital Signature to invoke this function Peer ID Choose the peer ID selection from the drop down list Local ID Choose Alternative Subject Name First or Subject Name First Peer IP VPN Client IP Type the WAN IP addre...

Page 257: ...ailable settings are explained as follows Item Description Go to the VPN Connection Management Click this radio button to access VPN and Remote Access Connection Management for viewing VPN Connection status Do another VPN Server Wizard Setup Click this radio button to set another profile of VPN Server through VPN Server Wizard View more detailed configuration Click this radio button to access VPN ...

Page 258: ... the necessary VPN service as you need If you intend to run a VPN server inside your LAN you should disable the VPN service of Vigor Router to allow VPN tunnel pass through as well as the appropriate NAT settings such as DMZ or open port After finishing all the settings here please click OK to save the configuration ...

Page 259: ...ption method will be optionally employed in the router for the remote dial in user If the remote dial in user does not support the MPPE encryption algorithm the router will transmit no MPPE encrypted packets Otherwise the MPPE encryption scheme will be used to encrypt the data Require MPPE 40 128bits Selecting this option will force the router to encrypt packets by using the MPPE encryption algori...

Page 260: ... a start IP address for the dial in PPP connection You should choose an IP address from the local private network For example if the local private network is 192 168 1 0 255 255 255 0 you could choose 192 168 1 200 as the Start IP Address You can configure up to four start IP addresses for LAN1 LAN8 PPP Authentication Methods Select the method s to be used for authentication in PPP connection Whil...

Page 261: ... the data payload only It can just apply to local packet e g L2TP over IPsec The Tunnel mode will not only add the AH ESP payload but also use a new IP header Tunneled IP header to encapsulate the whole original IP packet Authentication Header AH provides data authentication and integrity for IP packets passed between VPN peers This is achieved by a keyed one way hash function to the packet to cre...

Page 262: ...urity Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES After finishing all the settings here please click OK to save the configuration I IV V 1 1 6 6 I IP Ps se ec c P Pe ee er r I Id de en nt ti it ty y To use digital certificate for peer authentication in either LAN to LAN connection o...

Page 263: ...unt Check it to enable such account profile Accept Any Peer ID Click to accept any peer regardless of its identity Accept Subject Alternative Name Click to check one specific field of digital signature to accept the peer with matching value The field can be IP Address Domain or E mail Address The box under the Type will appear according to the type you select and ask you to fill in corresponding s...

Page 264: ...ilt in RADIUS client function The following figure shows the summary table Available settings are explained as follows Item Description Set to Factory Default Click to clear all indexes View All Click it to display the all of the user accounts Online Click it to display the online user accounts Offline Click it to display the offline user accounts Index Click the number below Index to access into ...

Page 265: ...PN connection through the Internet You should set the User Name and Password of remote dial in user below IPsec Tunnel Allow the remote dial in user to make an IPsec VPN connection through Internet L2TP with IPsec Policy Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPsec Select from below None Do not apply the IPsec polic...

Page 266: ...de Type the code for authentication e g 1234 Secret Use the 32 digit secret number generated by mOTP in the mobile phone e g e759bb6f0e94c7ab4fe6 Subnet Chose one of the subnet selections for such VPN profile Assign Static IP Address Please type a static IP address for the subnet you specified IKE Authentication Method This group of fields is applicable for IPsec Tunnels and L2TP with IPsec Policy...

Page 267: ...N N Here you can manage LAN to LAN connections by maintaining a table of connection profiles You may set parameters including specified connection direction dial in or dial out connection peer ID connection type VPN connection including PPTP IPsec Tunnel and L2TP by itself or over IPsec and corresponding security methods etc The following figure shows the summary table according to the item All Tr...

Page 268: ...pty Active V means the profile has been enabled X means the profile has not been enabled Status Indicate the status of individual profiles The symbol V and X represent the profile to be active and inactive respectively To edit each profile 1 Click each index to edit each profile and you will get the following page Each LAN to LAN profile includes 5 subgroups If the fields gray out it means you may...

Page 269: ...n there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through the router Block This is default setting Click this button to let multicast packets b...

Page 270: ... negotiation Otherwise the dial out VPN connection becomes one pure L2TP connection Must Specify the IPsec policy to be definitely applied on the L2TP connection SSL Tunnel Build an SSL VPN connection to the server through Internet User Name This field is applicable when you select PPTP or L2TP with or without IPsec policy above The length of the name is limited to 49 characters Password This fiel...

Page 271: ... AES with Authentication Use AES encryption algorithm and apply MD5 or SHA 1 authentication algorithm Advanced Specify mode proposal and key life of each IKE phase Gateway etc The window of advance setup is shown as below IKE phase 1 mode Select from Main mode and Aggressive mode The ultimate outcome is to exchange security proposals to create a protected secure channel Main mode is more secure th...

Page 272: ...sive mode Local ID is on behalf of the IP address while identity authenticating with remote VPN server The length of the ID is limited to 47 characters Index 1 15 Set the wireless LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Schedule setup The default setting of this field is blank and the function will always work A...

Page 273: ...apply the authentication methods and security methods in the general settings User Name This field is applicable when you select PPTP or L2TP with or without IPsec policy above The length of the name is limited to 11 characters Password This field is applicable when you select PPTP or L2TP with or without IPsec policy above The length of the password is limited to 11 characters VJ Compression VJ C...

Page 274: ...ide wants to use it the peer must enable it too My GRE IP Type the virtual IP for router itself for verified by peer Peer GRE IP Type the virtual IP of peer host for verified by router TCP IP Network Settings My WAN IP This field is only applicable when you select PPTP or L2TP with or without IPsec policy above The default value is 0 0 0 0 which means the Vigor router will get a PPP IP address fro...

Page 275: ...N connection established the router will change the IP address according to the settings configured here and block sessions which are not coming from the IP address defined in the Virtual IP Mapping list After checking the box of IPSec VPN with the Same subnet the options under TCP IP Network Settings will be changed as shown below Remote Network IP Remote Network Mask Add a static route to direct...

Page 276: ...wo types for you to choose Whole Subnet Specific IP Address Virtual IP Mapping A pop up dialog will appear for you to specify the local IP address and the mapping virtual IP address 2 After finishing all the settings here please click OK to save the configuration ...

Page 277: ...be activated when initial connection of single VPN tunnel is off line Before setting VPN TRUNK VPN Backup mechanism backup profile please configure at least two sets of LAN to LAN profiles with fully configured dial out settings first otherwise you will not have selections for grouping Member1 and Member2 F Fe ea at tu ur re es s o of f V VP PN N T TR RU UN NK K V VP PN N L Lo oa ad d B Ba al la a...

Page 278: ...VPN Backup mechanism profile Member1 Display the dial out profile selected from the Member1 drop down list below Active Yes means normal condition No means the state might be disabled or that profile currently is set with Dial in mode for call direction in LAN to LAN Type Display the connection type for that profile such as IPsec PPTP L2TP L2TP over IPsec NICE L2TP over IPsec MUST and so on Member...

Page 279: ...ile Member1 Display the dial out profile selected from the Member1 drop down list below Active Yes means normal condition No means the state might be disabled or that profile currently is set with Dial in mode for call direction in LAN to LAN Type Display the connection type for that profile such as IPsec PPTP L2TP L2TP over IPsec NICE L2TP over IPsec MUST and so on Member2 Display the dial out pr...

Page 280: ...e Status Enable or Disable profile name member1 or member2 Delete Click this button to delete the selected VPN TRUNK profile The corresponding members LAN to LAN profiles grouped in the deleted VPN TRUNK profile will be released and that profiles in LAN to LAN will be displayed in black T Ti im me e f fo or r a ac ct ti iv va at ti in ng g V VP PN N T TR RU UN NK K V VP PN N B Ba ac ck ku up p m m...

Page 281: ... one of the LAN to LAN profiles from Member1 drop down list choose one of the LAN to LAN profiles from Member2 drop down list and click Add at last 4 Take a look for LAN to LAN profiles Index 1 is chosen as Member1 index 2 is chosen as Member2 For such reason LAN to LAN profiles of 1 and 2 will be expressed in red to indicate that they are fixed If you delete the VPN TRUNK VPN Backup Load Balance ...

Page 282: ...ver 192 168 50 200 in the field of Peer GRE IP A Ad dv va an nc ce ed d L Lo oa ad d B Ba al la an nc ce e a an nd d B Ba ac ck ku up p After setting profiles for load balance you can choose any one of them and click Advance for more detailed configuration The windows for advanced load balance and backup are different Refer to the following explanation ...

Page 283: ...t can be divided into Auto Weighted and According to Speed Ratio Auto Weighted can detect the device speed 10Mbps 100Mbps and switch with fixed value ratio 3 7 for packet transmission If the transmission rate for packets on both sides of the tunnels is the same the value of Auto Weighted should be 50 50 According to Speed Ratio allows user to adjust suitable rate manually There are 100 groups of r...

Page 284: ...nding tunnel table can be established UDP means when the source IP destination IP destination port and fragment conditions match with the settings specified here and UDP Service Port also fits the number here such binding tunnel table can be established TCP UPD means when the source IP destination IP destination port and fragment conditions match with the settings specified here and TCP UDP Servic...

Page 285: ... ICMP or Other as Binding Protocol A Ad dv va an nc ce ed d B Ba ac ck ku up p Available settings are explained as follows Item Description Profile Name List the backup profile name ERD Mode ERD means Environment Recovers Detection Normal choose this mode to make all dial out VPN TRUNK backup profiles being activated alternatively Resume when VPN connection breaks down or disconnects ...

Page 286: ...ly Dial out by using Dial out Tool and clicking Dial button Available settings are explained as follows Item Description Dial out Tool General Mode This filed displays the profile configured in LAN to LAN with Index number and VPN Server IP address The VPN connection built by General Mode does not support VPN backup function Backup Mode This filed displays the profile name saved in VPN TRUNK Manag...

Page 287: ...Vigor2952 Series User s Guide 275 information among 5 10 and 30 Refresh Click this button to refresh the whole connection status ...

Page 288: ...ti io on n o on n V Vi ig go or r R Ro ou ut te er r f fo or r H He ea ad d O Of ff fi ic ce e 1 Log into the web user interface of Vigor router 2 Open VPN and Remote Access LAN to LAN to create a LAN to LAN profile The following settings are for a permanent VPN connection 3 Click any index number to open the configuration page Type a name which is easy for identification for such profile in this ...

Page 289: ...l and L2TP boxes Check the box of Specify Remote and type the Peer VPN Server IP e g 218 242 130 19 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security method 5 Continue to navigate to the TCP IP Network Settings for setting the LAN IP for remote side ...

Page 290: ...g into the web user interface of Vigor router 2 Open VPN and Remote Access LAN to LAN to create a LAN to LAN profile The following settings are for a permanent VPN connection 3 Click any index number to open the configuration page Type a name which is easy for identification for such profile in this case type VPN Client and check the box of Enable This Profile For such Vigor router will be set as ...

Page 291: ...service and type the remote server IP host name e g 218 242 133 91 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security method 5 Continue to navigate to the TCP IP Network Settings for setting the LAN IP for the remote side 6 Click OK to save the settings ...

Page 292: ...Vigor2952 Series User s Guide 280 7 Open VPN and Remote Access Connection Management to check the dial in connection status from head office ...

Page 293: ... network is a form of VPN that can be used with a standard Web browser There are two benefits that SSL VPN provides It is not necessary for users to preinstall VPN client software for executing SSL VPN connection There are less restrictions for the data encrypted through SSL VPN in comparing with traditional VPN ...

Page 294: ...r It will not affect the HTTPS Port configuration set in System Maintenance Management In general the default setting is 443 Server Certificate When the client does not set any certificate default certificate will be used for HTTPS and SSL VPN server Choose any one of the user defined certificates from the drop down list if users set several certificates previously Otherwise choose Self signed to ...

Page 295: ...e Display the name of the profile that you create URL Display the URL Active Display current status active or inactive of such profile Click number link under Index filed to set detailed configuration Available settings are explained as follows Item Description Name Type name of the profile The length of the name is limited to 15 characters URL Type the address function variation or IP address or ...

Page 296: ...web page will disappear Secured Port Redirection Such technique applies private port mapping to random WAN port There are two restrictions for proxy web server for such selection 1 it is only used for WAN to LAN access the web server must be configured behind vigor router 2 web server gateway must be indicated to vigor router In addition users must execute Connect manually in SSL Client Portal pag...

Page 297: ...cription Name Display the application name of the profile that you create Host Address Display the IP address for VNC RDP or SMB path Service Display the type of the service selected e g VNC RDP SMB Active Display current status active or inactive of the selected profile To create a new SSL application profile 1 Click number link under Index filed to set detailed configuration 2 The following page...

Page 298: ...PC through RDP protocol IP Address If you choose VNC or RDP you have to type the IP address for this protocol Port If you choose VNC or RDP you have to specify the port used for this protocol The default setting is 5900 Idle Timeout If you choose VNC you have to specify the time for disconnecting the SSL VPN tunnel Scaling If you choose VNC you have to choose the percentage 100 80 60 for such appl...

Page 299: ...e for secure web sites such as your online bank The SSL VPN can be operated in either full tunnel mode or proxy mode Now Vigor2952 Series allows up to 16 simultaneous incoming users For SSL VPN identity authentication and power management are implemented through deploying user accounts Therefore the user account for SSL VPN must be set together with remote dial in user web page Such menu item will...

Page 300: ...e password is limited to 23 characters Password This field is applicable when you select PPTP or L2TP with or without IPsec policy above The length of the name password is limited to 19 characters Enable Mobile One Time Passwords mOTP Check this box to make the authentication with mOTP function PIN Code Type the code for authentication e g 1234 Secret Use the 32 digit secret number generated by mO...

Page 301: ...a transmission between the hosts located on both sides of VPN Tunnel while connecting Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pas...

Page 302: ... to disable it High Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES Local ID Specify a local ID to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can be used only in IKE aggressive mode After finishing all the settings here p...

Page 303: ...h profiles will be used by applications such as User Management VPN and etc Each item is explained as follows Item Description Set to Factory Default Click to clear all indexes Index Display the number of the client which connecting to FTP server Name Display the name of the group profile Click any index number link to open the following page for detailed configuration ...

Page 304: ...ss Remote Dial In User The enabled profiles will be listed in the Available User Account on the left box To add a profile into a group simply choose the one from the left box and click the button It will be displayed in the Selected User Account on the right box For detailed information about configuring the profile setting refer to Objects Setting IP Group RADIUS The RADIUS server will do the aut...

Page 305: ...cess into DrayTek SSL VPN portal interface Next users can open SSL VPN Online Status to view logging status of SSL VPN Available settings are explained as follows Item Description Active User Display current user who visits SSL VPN server Host IP Display the IP address for the host Time out Display the time remaining for logging out Action You can click Drop to drop certain login user from the rou...

Page 306: ...igor router support digital certificates conforming to standard X 509 Any entity wants to utilize digital certificates should first request a certificate issued by a CA server It should also retrieve certificates of other trusted CA servers so it can authenticate the peer with certificates issued by those trusted CA servers Here you can manage generate and manage the local digital certificates and...

Page 307: ...o import a saved file as the certification information Refresh Click this button to refresh the information listed below View Click this button to view the detailed settings for certificate request Delete Click this button to delete selected name with certification information G GE EN NE ER RA AT TE E Click this button to open Generate Certificate Signing Request window Type in all the information...

Page 308: ... T Vigor router allows you to generate a certificate request and submit it the CA server then import it as Local Certificate If you have already gotten a certificate from a third party you may import it directly The supported types are PKCS12 Certificate and Certificate with a private key Click this button to import a saved file as the certification information There are three types of local certi...

Page 309: ...n as OK Upload PKCS12 Certificate It allows users to import the certificate whose extensions are usually pfx or p12 And these certificates usually need passwords Note PKCS12 is a standard for storing private keys and certificates securely It is used in among other things Netscape and Microsoft Internet Explorer with their import and export options Upload Certificate and Private Key It is useful wh...

Page 310: ...ttings for certificate request Info You have to copy the certificate request information from above window Next access your CA server and enter the page of certificate request copy the information into it and submit a request A new certificate will be issued to you by the CA server You can save it D De el le et te e Click this button to remove the selected certificate ...

Page 311: ... certificate authority Root CA will be used to authenticate the digital certificates offered by both ends However the procedure of applying digital certificate from a trusted root certificate authority is complicated and time consuming Therefore Vigor router offers a mechanism which allows you to generate root CA to save time and provide convenience for general user Later such root CA generated by...

Page 312: ...ick GENERATE again I Im mp po or rt ti in ng g a a T Tr ru us st te ed d C CA A To import a pre saved trusted CA certificate please click IMPORT to open the following window Use Browse to find out the saved text file Then click Import The one you imported will be listed on the Trusted CA Certificate window For viewing each trusted CA certificate click View to open the certificate detail informatio...

Page 313: ...tificate for this router can be saved within one file Please click Backup on the following screen to save them If you want to set encryption password for these certificates please type characters in both fields of Encrypt password and Confirm password Also you can use Restore to retrieve these two settings to the router whenever you want ...

Page 314: ...Vigor2952 Series User s Guide 302 This page is left blank ...

Page 315: ...ty has been always the most concerned The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders It also restricts users in the local network from accessing the Internet CSM is an abbreviation of Central Security Management which is used to control IM P2P usage filter the web content and URL content to reach a goal of security management ...

Page 316: ...es unsolicited incoming data Selectable Denial of Service DoS Distributed DoS DDoS attacks protection I IP P F Fi il lt te er rs s Depending on whether there is an existing Internet connection or in other words the WAN link status is up or down the IP filter architecture categorizes traffic into two Call Filter and Data Filter Call Filter When there is no existing Internet connection Call Filter i...

Page 317: ...exhaust all your system s resource while the vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the protocol or operation system The DoS Defense function enables the Vigor router to inspect every incoming packet based on the attack signature database Any malicious packet that might duplicate itself to paralyze the host in the secure LAN will be strictly block...

Page 318: ...er Under some circumstance your filter set can be linked to work in a serial manner So here you assign the Start Filter Set only Also you can configure the Log Flag settings Apply IP filter to VPN incoming packets and Accept incoming fragmented UDP packets Click Firewall and click General Setup to open the general setup page G Ge en ne er ra al l S Se et tu up p P Pa ag ge e Such page allows you t...

Page 319: ...checking for data transmission Such feature is enabled in default All the packets while transmitting through Vigor router will be filtered by firewall If the firewall system e g content filter server does not make any response pass or block for these packets then the router s firewall will block the packets directly Block connections initiated from WAN Usually IPv6 network sessions traffic from WA...

Page 320: ...hoose one of the QoS rules to be applied as firewall rule For detailed information of setting QoS please refer to the related section later User Management Such item is available only when Rule Based is selected in User Management General Setup The general firewall rule will be applied to the user user group all users specified here Note When there is no user profile or group profile existed Creat...

Page 321: ... first Or choose Create New from the drop down list in this page to create a new profile For troubleshooting needs you can specify to record information for Web Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information DNS Filter Select one of the DNS Filter profile settings created in CSM DNS Filter for applying...

Page 322: ... stable small value will be proper Session timeout Setting timeout for sessions can make the best utilization of network resources Backup Firewall Click Backup to save the firewall configuration Restore Firewall Click Select to choose a firewall configuration file Then click Restore to apply the file After finishing all the settings here please click OK to save the configuration ...

Page 323: ... Active to enable the filter rule Available settings are explained as follows Item Description Rule Click a button numbered 1 7 to edit the filter rule Click the button will open Edit Filter Rule web page For the detailed information refer to the following page Active Enable or disable the filter rule Comment Enter filter set comments description Maximum length is 23 character long Direction Displ...

Page 324: ...several setting pages Advance Mode Allow to configure detailed settings of filter rule To use Wizard Mode simple do the following steps 1 Click the Wizard Mode radio button 2 Click Index 1 The setting page will appear as follows Available settings are explained as follows Item Description Comments Enter filter set comments description Maximum length is 14 character long Direction Set the direction...

Page 325: ...se the IP Object drop down list to choose the object that you want Protocol Specify the protocol s which this filter rule will apply to Source Port Destination Port when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this service type when the first and last value are the same it indicates...

Page 326: ... Content Filter web page first Or choose Create New from the drop down list in this page to create a new profile For troubleshooting needs you can specify to record information for URL Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Web Content Filter Select one of the Web Content Filter profile setting...

Page 327: ...Vigor2952 Series User s Guide 315 4 After choosing the mechanism click Next to get the summary page for reference 5 If there is no error click Finish to complete wizard setting ...

Page 328: ...length is 14 character long Index 1 15 Set PCs on LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Schedule setup The default setting of this field is blank and the function will always work Clear sessions when schedule ON Check this box to clear the sessions when the above schedule profiles are applied Direction Set the...

Page 329: ...if you want to use the IP range from defined groups or objects please choose Group and Objects as the Address Type From the IP Group drop down list choose the one that you want to apply Or use the IP Object drop down list to choose the object that you want Service Type Click Edit to access into the following dialog to choose a suitable service type To set the service type manually please choose Us...

Page 330: ...ragmented packets Too Short Apply the rule only to packets that are too short to contain a complete header Filter Specifies the action to be taken when packets match the rule Block Immediately Packets matching the rule will be dropped immediately Pass Immediately Packets matching the rule will be passed immediately Block If No Further Match A packet matching the rule and that does not match furthe...

Page 331: ...to section Syslog Mail Alert for more detailed information URL Content Filter Select one of the URL Content Filter profile settings created in CSM URL Content Filter for applying with this router Please set at least one profile for choosing in CSM URL Content Filter web page first Or choose Create New from the drop down list in this page to create a new profile For troubleshooting needs you can sp...

Page 332: ...e processed Please use the drop down list to choose a codepage If you do not have any idea of choosing suitable codepage please open Syslog From Codepage Information of Setup dialog you will see the recommended codepage listed on the dialog box Window size It determines the size of TCP protocol 0 65535 The more the value is the better the performance will be However if the network is not stable sm...

Page 333: ... filtered by firewall settings configured by Vigor router When the resource is inadequate the packets will be blocked if Strict Security Checking is enabled If Strict Security Checking is not enabled then the packets will pass through the router 3 When you finish the configuration please click OK to save and exit this page ...

Page 334: ...ecting the Threshold of the TCP SYN packets from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Timeout The goal for this is prevent the TCP SYN packets attempt to exhaust the limited resource of Vigor router By default the threshold and timeout values are set to 2000 packets per second and 10 secon...

Page 335: ...ck IP options Check the box to activate the Block IP options function The Vigor router will ignore any IP packets with IP option field in the datagram header The reason for limitation is IP option appears to be a vulnerability of the security for the LAN because it will carry significant information such as security TCC closed user group parameters a series of Internet addresses routing messages e...

Page 336: ...e they re construct the packets The Vigor routers will block any packets realizing this attacking activity Block ICMP Fragment Check the box to activate the Block ICMP fragment function Any ICMP packets with more fragment bit set are dropped Block Unassigned Numbers Check the box to activate the Block Unknown Protocol function Individual IP packet has a protocol field in the datagram header to ind...

Page 337: ...Vigor2952 Series User s Guide 325 ...

Page 338: ...scription Mode To have a firewall rule test specify the service type ICMP UDP TCP of the packet and type of the IP address IPv4 IPv6 Direction Set the way from WAN or from LAN that Vigor router receives the first packet for test Different way means the firewall will process the connection initiated from LAN or from WAN Test View This is a dynamic display page According to the direction specified t...

Page 339: ...irection from Computer A to B or from the B to A for the second packet Protocol It displays the mode selected above and the sate If required click the mode link to configure advanced setting The common service type Customize Ping Trace Route Customize DNS Trace Route Customize Http GET related to that mode ICMP UDP TCP will be shown on the following dialog box Type Choose Customize Ping Trace Rout...

Page 340: ...es User s Guide 328 The following figure shows the test result after clicking Analyze Processing state for the fuctions MAC Filter QoS User management etc related to the firewall will be displayed by green or red LED ...

Page 341: ...8 1 10 192 168 1 20 accessing to Internet through Vigor router Others e g 192 168 1 31 and 192 168 1 32 outside the range can get the source from LAN only The way we can use is to set two rules under Firewall For Rule 1 of Set 2 under Firewall Filter Setup is used as the default setting we have to create a new rule starting from Filter Rule 2 of Set 2 1 Access into the web user interface of Vigor ...

Page 342: ... Filter Rule 7 If Block If No Further Match for is selected for Filter the firewall of the router would check the packets with the rules starting from Rule 3 to Rule 7 The packets not matching with the rules will be processed according to Rule 2 4 Next set another rule Just open Firewall Filter Setup Click the Set 2 link and choose the Filter Rule 3 button 5 Check the box of Check to enable the Fi...

Page 343: ...t Type 192 168 1 10 in the field of Start IP and type 192 168 1 20 in the field of End IP Then click OK to save the settings The computers within the range can access into the Internet 7 Now check the content of Source IP is correct or not The action for Filter shall be set with Pass Immediately Then click OK to save the settings ...

Page 344: ...2 Series User s Guide 332 8 Both filter rules have been created Click OK Now all the settings are configured well Only the computers with the IP addresses within 192 168 1 10 192 168 1 20 can access to Internet ...

Page 345: ...ecks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other exe...

Page 346: ... will be applied in Default Rule of Firewall General Setup for filtering Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Profile Display the number of the profile which allows you to click to set different policy Name Display the name of the APP Enforcement Profile Click the number under Index column for settings in detail There are four tabs ...

Page 347: ...is 15 characters Select All Click it to choose all of the items in this page Clear All Uncheck all the selected boxes Enable Check the box to select the APP to be blocked by Vigor router Adv A button under Enable check box allows you to open a pop up window to specify activity for that APP The profiles configured here can be applied in the Firewall General Setup and Firewall Filter Setup pages as ...

Page 348: ...are explained as follows Item Description Upgrade Setting APPE Module Version Display current version status of APPE signature New version from the Internet Download button is available only when Vigor router detects new APPE version After clicking it a dialog will appear with information added to such new version Click OK to exit the dialog and start the signature upgrade Upgrade via interface Ch...

Page 349: ... only environment hence to increase the employee work efficiency How can URL Content Filter work better than traditional firewall in the field of filtering Because it checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally down...

Page 350: ...ssage You can type the message manually for your necessity Default Message You can type the message manually for your necessity or click this button to get the default message which will be displayed on the field of Administration Message You can set eight profiles as URL content filter Simply click the index number under Profile to open the following web page Available settings are explained as f...

Page 351: ... URL Access Control and Web Feature below such function can determine the priority for the actions executed For this one the router will process the packages with the conditions set below for web feature first then URL second Log None There is no log file will be recorded for this profile Pass Only the log about Pass will be recorded in Syslog Block Only the log about Block will be recorded in Sys...

Page 352: ...specifying keywords the Vigor router will decline the connection request to the website whose URL string matched to any user defined keyword It should be noticed that the more simplified the blocking keyword list is the more efficiently the Vigor router performs Web Feature Enable Restrict Web Feature Check this box to make the keyword being blocked or passed Action This setting is available only ...

Page 353: ...er MyVigor located on http myvigor draytek com Therefore you need to register an account on http myvigor draytek com for using corresponding service Please refer to section of creating MyVigor account WCF adopts the mechanism developed and offered by certain service provider e g DrayTek No matter activating WCF feature or getting a new license for web content filter you have to click Activate to s...

Page 354: ...etting auto selected You need to specify a server for categorize searching when you type URL in browser based on the web content filter profile Setup Test Server It is recommended for you to use the default setting auto selected Find more Click it to open http myvigor draytek com for searching another qualified and suitable server Set to Factory Default Click this link to retrieve the factory sett...

Page 355: ...with the fastest rate L1 L2 Cache the router will check the URL with fast processing rate combining the feature of L1 and L2 Eight profiles are provided here as Web content filters Simply click the index number under Profile to open the following web page The items listed in Categories will be changed according to the different service providers If you have and activate another web content filter ...

Page 356: ...set here they will be processed with the categories listed on the box below Block restrict accessing into the corresponding webpage with the characters listed on Group Object Selections If the web pages do not match with the specified feature set here they will be processed with the categories listed on the box below Action Pass allow accessing into the corresponding webpage with the categories li...

Page 357: ...NS query coming from clients on LAN Info For DNS filter must use the WCF service profile to filter the packets therefore WCF license must be activated first Otherwise DNS filter does not have any effect on packets Available settings are explained as follows Item Description DNS Filter Profile Table It displays a list of different DNS filter profiles with specified WCF and UCF Click the profile lin...

Page 358: ... Block Only the log about Block will be recorded in Syslog All All the actions Pass and Block will be recorded in Syslog WCF Set the filtering conditions UCF Set the filtering conditions Administration Message Type the words or sentences which will be displayed when a web page is blocked by Vigor router After finishing all the settings please click OK to save the configuration ...

Page 359: ...several useful services such as Anti Spam Web Content Filter Anti Intrusion and etc to filtering the web pages for the sake of protecting your system To access into MyVigor for getting more information please create an account for MyVigor C Cr re ea at te e a an n A Ac cc co ou un nt t v vi ia a V Vi ig go or r R Ro ou ut te er r 1 Click CSM Web Content Filter Profile The following page will appea...

Page 360: ...ies User s Guide 348 2 Click the Activate link A login page for MyVigor web site will pop up automatically 3 Click the link of Create an account now 4 Check to confirm that you accept the Agreement and click Accept ...

Page 361: ...Vigor2952 Series User s Guide 349 5 Type your personal information in this page and then click Continue 6 Choose proper selection for your computer and click Continue ...

Page 362: ...TART 8 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com 9 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login ...

Page 363: ...rd 11 Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want C Cr re ea at te e a an n A Ac cc co ou un nt t v vi ia a M My yV Vi ig go or r W We eb b S Si it te e 1 Access into http myvigor draytek com Find the line of Not registered yet Then click the link Click here to access into next page ...

Page 364: ...confirm that you accept the Agreement and click Accept 3 Type your personal information in this page and then click Continue 4 Choose proper selection for your computer and click Continue 5 Now you have created an account successfully Click START ...

Page 365: ...mation email with the title of New Account Confirmation Letter from myvigor draytek com 7 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login ...

Page 366: ... password that you just created in the fields of UserName and Password Then type the code in the box of Auth Code according to the value displayed on the right side of it Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want ...

Page 367: ... service Web Content Filter and URL Content Filter Web Content Filter Benefits Easily and quickly implement the category website that you want to block Note License is required URL Content Filter Benefits Free flexible for customize webpage Note Manual setting e g one keyword for one website I I V Vi ia a W We eb b C Co on nt te en nt t F Fi il lt te er r 1 Make sure the Web Content Filter powered...

Page 368: ...router the web page would be blocked and the following message would be displayed instead II Via URL Content Filter A Block the web page containing the word of Facebook 1 Open Object Settings Keyword Object Click an index number to open the setting page 2 In the field of Contents please type facebook Configure the settings as the following figure ...

Page 369: ...s Guide 357 3 Open CSM URL Content Filter Profile Click an index number to open the setting page 4 Configure the settings as the following figure 5 When you finished the above steps click OK Then open Firewall General Setup ...

Page 370: ... the field of URL Content Filter Now users cannot open any web page with the word facebook inside B Disallow users to play games on Facebook 1 Open Object Settings Keyword Object Click an index number to open the setting page 2 In the field of Contents please type apps facebook Configure the settings as the following figure ...

Page 371: ...g page 4 Configure the settings as the following figure 5 When you finished the above steps please open Firewall General Setup 6 Click the Default Rule tab Choose the profile just configured from the drop down list in the field of URL Content Filter Now users cannot open any web page with the word facebook inside ...

Page 372: ...Vigor2952 Series User s Guide 360 This page is left blank ...

Page 373: ...ing Configuration Backup Syslog Mail Alert Time and Date Management Reboot System Firmware Upgrade and Activation It is used to control the bandwith of data transmission through configuration of Sessions Limit Bandwidth Limit and Quality of Servie QoS It is a security feature which disallows any IP traffic except DHCP related packets from a particular host until that host has correctly supplied a ...

Page 374: ...re several items that you have to know the way of configuration System Status TR 069 Administrator Password User Password Login Page Greeting Configuration Backup Syslog Mail Alert Time and Date Management Reboot System Firmware Upgrade Activation and Internal Service User List Below shows the menu items for System Maintenance ...

Page 375: ...formation from this presentation Available settings are explained as follows Item Description Model Name Display the model name of the router Firmware Version Display the firmware version of the router Build Date Time Display the date and time of the current firmware build LAN MAC Address Display the MAC address of the LAN Interface IP Address Display the IP address of the LAN interface Subnet Mas...

Page 376: ...he connection type IP Address Display the IP address of the WAN interface Default Gateway Display the assigned IP address of the default gateway IPv6 Address Display the IPv6 address for LAN Scope Display the scope of IPv6 address For example IPv6 Link Local could only be used for direct IPv6 link It can t be used for IPv6 internet Internet Access Mode Display the connection mode chosen for access...

Page 377: ...ned as follows Item Description ACS Server On Choose the interface for the router connecting to ACS server ACS Server URL Username Password Such data must be typed according to the ACS Auto Configuration Server you want to link Please refer to Auto Configuration Server user s manual for detailed information Test With Inform Click it to send a message based on the event code selection to test if su...

Page 378: ...se of maintaining the binding in the Gateway Please type a number as the minimum period The default setting is 60 seconds Maximum Keep Alive Period If STUN is enabled the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway Please type a number as the maximum period A value of 1 indicates that no maximum period is specified Apply Settings to APs Thi...

Page 379: ...e password is limited to 23 characters Confirm Password Type in the new password again Administrator Local User The administrator can login web user interface of Vigor router to modify all of the settings to fit the requirements This feature allows other user in LAN who can access into the web user interface with the same privilege of the administrator Local User Check the box to enable the local ...

Page 380: ...ccessfully accesses into web user interface of Vigor router through Internet by username password of admin admin Administrator LDAP Setting Enable LDAP AD login for Admin users If it is enabled any user can access into the web user interface of Vigor router through the LDAP server authentication Enable Admin Login From Wan The default setting is enabled It can ensure that any user is able to succe...

Page 381: ...tor password Password Type in new password in this field The length of the password is limited to 31 characters Confirm Password Type in the new password again Password Strength Display the security strength of the password specified above Set to Factory Default Click to return to the factory default setting When you click OK the login window will appear Please use the new password to access into ...

Page 382: ...ing screen will appear Simply click OK 4 Log out Vigor router web user interface by clicking the Logout button 5 The following window will be open to ask for username and password Type the new user password in the filed of Password and click Login ...

Page 383: ...with User Mode will be shown as follows Settings to be configured in User Mode will be less than settings in Admin Mode Only basic configuration settings will be available in User Mode Info Setting in User Mode can be configured as same as in Admin Mode ...

Page 384: ...s Item Description Enable Check this box to enable the login customization function Login Page Title Type a brief description e g Welcome to DrayTek which will be shown on the heading of the login dialog Welcome Message and Bulletin Type words or sentences here It will be displayed for bulletin message In addition it can be displayed on the login dialog at the bottom Note that do not type URL redi...

Page 385: ...Vigor2952 Series User s Guide 373 ...

Page 386: ...lained as follows Item Description Restore Choose File Click it to specify a file to be restored Click Restore to restore the configuration Backup Click it to perform the configuration backup of this router Protect with password For the sake of security the configuration file for the router can be encrypted Password Type several characters as the password for encrypting the configuration file Conf...

Page 387: ...appear different windows but the backup function is still available Info Backup for Certification must be done independently The Configuration Backup does not include information of Certificate R Re es st to or re e C Co on nf fi ig gu ur ra at ti io on n 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown below 2 Click Choose File button to choose the ...

Page 388: ...anagement If there is no name here simply lick the link to access into System Maintenance Management to set the router name Server IP Address The IP address of the Syslog server Destination Port Assign a port for the Syslog protocol Mail Syslog Check the box to recode the mail event on Syslog Enable syslog message Check the box listed on this web page to send the corresponding message of firewall ...

Page 389: ...heck this box to activate this function while using e mail application User Name Type the user name for authentication Password Type the password for authentication Enable E mail Alert Check the box to send alert message to the e mail box while the router detecting the item s you specify here Click OK to save these settings For viewing the Syslog please do the following 1 Just set your monitor PC ...

Page 390: ...78 3 From the Syslog screen select the router you want to monitor Be reminded that in Network Information select the network adapter used to connect to the router Otherwise you won t succeed in retrieving information from the router ...

Page 391: ...lect to inquire time information from Time Server on the Internet using assigned protocol Time Server Type the web site of the time server Priority Choose Auto or IPv6 First as the priority Time Zone Select the time zone where the router is located Enable Daylight Saving Check the box to enable the daylight saving Such feature is available for certain area Advanced Click it to open a pop up dialog...

Page 392: ...nable SNMP Agent Check it to enable this function Get Community Set the name for getting community by typing a proper character The default setting is public The maximum length of the text is limited to 23 characters Set Community Set community by typing a proper name The default setting is private The maximum length of the text is limited to 23 characters Manager Host IP IPv4 Set one host as the ...

Page 393: ...e SNMPV3 Agent Check it to enable this function USM User USM means user based security mode Type a username which will be used for authentication The maximum length of the text is limited to 23 characters Auth Algorithm Choose one of the encryption methods listed below as the authentication algorithm Auth Password Type a password for authentication The maximum length of the text is limited to 23 c...

Page 394: ...ent The management pages for IPv4 and IPv6 protocols are different V VI I 1 1 1 10 0 1 1 I IP Pv v4 4 M Ma an na ag ge em me en nt t S Se et tu up p Available settings are explained as follows Item Description Router Name Type in the router name provided by ISP Default Disable Auto Logout If it is enabled the function of auto logout for web user interface will be disabled The web user interface wi...

Page 395: ...ill appear automatically Management Port Setup User Define Ports Check to specify user defined port numbers for the Telnet HTTP HTTPS FTP TR 069 and SSH servers Default Ports Check to use standard port numbers for the Telnet and HTTP servers TLS SSL Encryption Setup Enable SSL 3 0 Check the box to enable the function of SSL 3 0 if required Due to security consideration the built in HTTPS and SSL V...

Page 396: ...ow you managing the router from Internet Check the box es to specify Enable PING from the Internet Check the checkbox to enable all PING packets from the Internet For security issue this function is disabled by default Access List You could specify that the system administrator can only login from a specific host or network defined in the list A maximum of three IPs subnet masks is allowed Index i...

Page 397: ... from LAN interface There are several servers provided by the system which allow you to manage the router from LAN interface Check the box es to specify Apply To Subnet Check the LAN interface for the administrator to use for accessing into web user interface of Vigor router Index in IP Object Type the index number of the IP object profile Related IP address will appear automatically After finishe...

Page 398: ...ficate is a unique identification for the device e g Vigor router which generates the certificate by itself to ensure the router security Such self signed certificate is signed with its own private key The self signed certificate will be applied in SSL VPN HTTPS and so on Click Regeneration to open Regenerate Self Signed Certificate window ...

Page 399: ...Vigor2952 Series User s Guide 387 Type in required information for subject name and subject alternative name that you need for this certificate Then click Generate ...

Page 400: ...edule web page and you can use the number that you have set in that web page If you want to reboot the router using the current configuration check Using current configuration and click Reboot Now To reset the router settings to default values check Using factory default configuration and click Reboot Now The router will take 5 seconds to reboot the system Info When the system pops up Reboot Syste...

Page 401: ...k s web site and FTP site is ftp DrayTek com Click System Maintenance Firmware Upgrade to launch the Firmware Upgrade Utility Choose the right firmware by clicking Select Then click Upgrade The system will upgrade the firmware of the router automatically Click OK The following screen will appear Please execute the firmware upgrade utility first For the detailed information about firmware update pl...

Page 402: ...Click System Maintenance Activation to open the following page for accessing http myvigor draytek com Available settings are explained as follows Item Description Activate via Interface Choose WAN interface used by such device for activating Web Content Filter Activate The Activate link brings you accessing into www vigorpro com to finish the activation of the account and the router Authentication...

Page 403: ...e user name link to access into the web page for modification Radius Check the box to turn on the security authentication service offered by internal RADIUS server for the user profile Uncheck the box to turn off ecurity authentication service offered by internal RADIUS server for the user profile If you check the box next to such item all of the user profiles listed in this page will be enabled w...

Page 404: ...or the detailed setting such as IP address port number configuration of internal RADIUS refer to Applications RADIUS TACACS For the detailed setting such as IP address port number configuration of Local 802 1X refer to LAN Wired 802 1X and Wireless LAN Security ...

Page 405: ... traffic can be throttled back to a lower speed If there s no defined priority to specify which packets should be discarded or in another term dropped from an overflowing queue packets of sensitive applications mentioned above might be the ones to drop off How this will affect application performance There are two components within Primary configuration of QoS deployment Classification Identifying...

Page 406: ...n the backbone will do the same checking before executing treatments in order to ensure service level consistency throughout the whole QoS enabled network However each node may take different attitude toward packets with high priority marking since it may bind with the business deal of SLA among different DS domain owners It s not easy to achieve deterministic and consistent high priority QoS traf...

Page 407: ... W We eb b U Us se er r I In nt te er rf fa ac ce e Below shows the menu items for Bandwidth Management V VI I 2 2 1 1 S Se es ss si io on ns s L Li im mi it t In the Bandwidth Management menu click Sessions Limit to open the web page ...

Page 408: ...n number for each host in the specific range of IP addresses If you do not set the session number in this field the system will use the default session limit for the specific limitation you set for each index Add Adds the specific session limitation onto the list above Edit Allows you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation li...

Page 409: ... th h L Li im mi it t In the Bandwidth Management menu click Bandwidth Limit to open the web page To activate the function of limit bandwidth simply click Enable and set the default upstream and downstream limit Available settings are explained as follows Item Description ...

Page 410: ... in this field the system will use the default speed for the specific limitation you set for each index RX limit Define the limitation for the speed of the downstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index Add Add the specific speed limitation onto the list above Edit Allow you to edit the settings for the ...

Page 411: ...ill influence Class 1 Class2 Class 3 Others Display the bandwidth percentage for each class UDP Bandwidth Control Display the UDP bandwidth control is enabled or not Online Statistics Display an online statistics for quality of service for your reference Setup Allow to configure general QoS setting for WAN interface Class Rule Index Display the class number that you can edit Name Display the name ...

Page 412: ...ly click the Edit link to access into next for configuration You can configure general setup for the WAN interface edit the Class Rule and edit the Service Type for the Class Rule for your request O On nl li in ne e S St ta at ti is st ti ic cs s Display an online statistics for quality of service for your reference This feature is available only when the Quality of Service for WAN interface is en...

Page 413: ...ck Setup link again You will see the Online Statistics link appearing on this page WAN Inbound Bandwidth It allows you to set the connecting rate of data input for other WAN For example if your ADSL supports 1M of downstream and 256K upstream please set 1000kbps for this box The default value is 10000kbps WAN Outbound Bandwidth It allows you to set the connecting rate of data output for other WAN ...

Page 414: ...bandwidth to ensure correct calculation of QoS It is suggested to set the bandwidth value for inbound outbound as 80 85 of physical network speed provided by ISP to maximize the QoS performance E Ed di it t t th he e C Cl la as ss s R Ru ul le e f fo or r Q Qo oS S 1 The first three Class 1 to Class 3 class rules can be adjusted for your necessity To add edit or delete the class rule please click ...

Page 415: ...ource address For Single Address you have to fill in Start IP address For Range Address you have to fill in Start IP address and End IP address For Subnet Address you have to fill in Start IP address and Subnet Mask DiffServ CodePoint All the packets of data will be divided with different levels and will be processed according to the level type by the system Please assign one of the levels of the ...

Page 416: ...n of that one and click Edit to open the rule edit page for modification E Ed di it t t th he e S Se er rv vi ic ce e T Ty yp pe e f fo or r C Cl la as ss s R Ru ul le e 1 To add a new service type edit or delete an existed service type please click the Edit link under Service Type field 2 After you click the Edit link you will see the following page ...

Page 417: ...fter finishing all the settings here please click OK to save the configuration By the way you can set up to 10 service types If you want to edit delete an existed service type please select the radio button of that one and click Edit Edit for modification R Re et ta ag g t th he e P Pa ac ck ke et ts s f fo or r I Id de en nt ti if fi ic ca at ti io on n Packets coming from LAN IP can be retagged ...

Page 418: ...n perform the bandwidth management for the protocols streaming remote control web HD and so on Click Bandwidth Management APP QoS to open the following page Available settings are explained as follows Item Description Enable Disable Click Enable to activate APP QoS function Click Disable to deactivate APP QoS function Traceable The protocol listed below is traceable by Vigor router Each tab offers...

Page 419: ...t It is prepared for applying to all protocols Apply Click it to make the selected action be applied all of the selected protocols immediately Action There are many protocols which can be specified with different QoS Class After finishing all the settings please click OK to save the configuration ...

Page 420: ...helps you to well allocate the bandwidth upon your demand of Voice Video or Data transferring Let s see how to get the optimum bandwidth per your request by using DrayTek Vigor router as below Scenario The Internet connection you got from ISP line is 2MB 512Kb There are VoIP telephony network IPTV set top box and data server at your home Assume you want to allocate 30 of the bandwidth you got to V...

Page 421: ...lick Edit to specify the local address 5 In the pop up window choose Range Address as the Address Type and type the start IP address and end IP address in relational fields Click OK to save the settings and exit the window 6 Click OK again to save the settings ...

Page 422: ...or2952 Series User s Guide 410 7 The class rule for VoIP has been set Click OK to return to previous page 8 Do the same steps to add class rules for IPTV and Data Email with IP addresses as shown below and ...

Page 423: ...e bandwidth for different groups among VoIP IPTV and Data Email 10 In the Setup page check the box of Enable the QoS Control Type 30 50 and 15 in the boxes for VoIP IPTV and Data Email respectively Check the box of Enable UDP Bandwidth Control 11 Click OK to save the settings The class rules for WAN1 are defined as shown below ...

Page 424: ...ss internal database Meanwhile children may chat on Skype in the restroom 1 Go to Bandwidth Management Quality of Service 2 Click Setup link of WAN 2 3 4 Make sure the QoS Control on the left corner is checked And select BOTH in Direction 3 Set Inbound Outbound bandwidth Info The rate of outbound inbound must be smaller than the real bandwidth to ensure correct calculation of QoS It is suggested t...

Page 425: ...r Class 1 Click OK to save the settings 5 Click the Setup link for WAN2 The user can set reserved bandwidth e g 25 for E mail using protocol POP3 and SMTP Click OK to save the settings 6 Return to previous page Enter the Name of Index Class 2 by clicking Edit link In this index the user will set reserved bandwidth for HTTPS And click OK ...

Page 426: ...Vigor2952 Series User s Guide 414 7 Click Setup link for WAN2 8 Check Enable UDP Bandwidth Control on the bottom to prevent enormous UDP traffic influence other application Click OK ...

Page 427: ...hapter 3 VPN for detail instruction he may set up an index for it Enter the Class Name of Index 3 In this index he will set reserved bandwidth for 1 VPN tunnel 10 Click Edit for Class 3 to open a new window In this index the user will set reserved bandwidth for VPN 11 Click Add to open the following window Check the ACT box first ...

Page 428: ...Vigor2952 Series User s Guide 416 12 Then click Edit of Local Address to set a worker s subnet address Click Edit of Remote Address to set headquarter s IP address Leave other fields and click OK ...

Page 429: ...er account Network administrator can give different firewall policies or rules for different hosts with different User Management accounts This is more flexible and convenient for network management Not only offering the basic checking for Internet access User Management also provides additional firewall rules e g CSM checking for protecting hosts Info Filter rules configured under Firewall usuall...

Page 430: ...rolled by User Management The mode standard selected here will influence the contents of the filter rule s applied to every user Available settings are explained as follows Item Description Mode There are two modes offered here for you to choose Each mode will bring different filtering effect to the users involved User Based If you choose such mode the router will apply the filter rules configured...

Page 431: ...blank page or upload other image files the size no mare than 524 352 pixel to have an image of enterprise or have the effect of advertisement Login Page Greeting Such link allows you to access into the setting page for login greeting For detailed information refer to System Maintenance Login Page Greeting Display IP Address on tracking window Check the box to display the IP address of the client o...

Page 432: ...files up to 200 which will be applied for users controlled under User Management Simply open User Management User Profile To set the user profile please click any index number link to open the following page Notice that profile 1 admin and profile 2 Dial In User are factory default settings Profile 2 is reserved for future use ...

Page 433: ...r passes the authentication he she can access Internet via this router However the accessing operation will be restricted with the conditions configured in this user profile The maximum length of the name you can set is 24 characters Password Type a password for such profile e g lug123 wug123 wug456 etc When a user tries to access Internet through this router an authentication step must be perform...

Page 434: ...For the detailed configuration simply refer to Firewall Filter Rule The firewall filter rules that are not selected in Firewall General Default rule can be available for use in User Management User Profile External Service Authentication router will authenticate the dial in user by itself or by external service such as LDAP server or Radius server or TACACS server If LDAP Radius or TACACS is selec...

Page 435: ...into the web user interface of Vigor router series with the user name and password specified in this profile he she will be lead into the web page configured in Landing Page field in User Management General Setup Check this box to enable such function Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Sche...

Page 436: ...gin Setting Such user account will be used 1 by the client with the IP address specified or 2 by the client with the MAC address bound with the IP address for accessing into Vigor2952 web user interface PPPoE MAC Bind Specify a MAC address which is limited and used for such PPPoE account Enable Disable Click it to enable disable the function of PPPoE MAC Bind MAC Address Type the MAC address to be...

Page 437: ...lowing page Available settings are explained as follows Item Description Name Type a name for this user group Available User Objects You can gather user profiles objects from User Profile page within one user group All the available user objects that you have created will be shown in this box Notice that user object Admin and Dial In User are factory settings User defined profiles will be numbered...

Page 438: ...s Use the drop down list to choose the time interval of refreshing data flow that will be done by the system automatically Refresh Click this link to refresh this page manually Index Display the number of the data flow User Display the users which connect to Vigor router currently You can click the link under the username to open the user profile setting page for that user IP Address Display the I...

Page 439: ... settings are explained as follows Item Description Refresh Seconds Use the drop down list to choose the time interval of refreshing data flow that will be done by the system automatically Refresh Click this link to refresh this page manually IP Address Display the IP address of the client in LAN MAC Address Display the MAC address of the client in LAN User Name Display the name of user connecting...

Page 440: ... me en nt t Before using the function of User Management please make sure User Based has been selected as the Mode in the User Management General Setup page With User Management authentication function before a valid username and password have been correctly supplied a particular client will not be allowed to access Internet through the router There are three ways for authentication Web Telnet and...

Page 441: ...s browser he will be redirected to the router s Web authentication interface first Then the client is trying to access http www draytek com and but brought to the Vigor router Since this is an SSL connection some web browsers will display warning messages With Microsoft Internet Explorer you may get the following warning message Please press Continue to this website not recommended ...

Page 442: ...owing warning message Select I Understand the Risks With Chrome browser you may get the following warning Click Proceed anyway After that the web authentication window will appear Input the user name and the password for your account defined in User Management and click Login ...

Page 443: ...n this example it is http www draytek com Furthermore you will get a popped up window as the following Then you can access the Internet Note if you block the web browser to pop up any window you will not see such window If the authentication is failed you will get the error message The username or password you entered is incorrect Please login again ...

Page 444: ...le http 192 168 1 1 or https 192 168 1 1 Replace 192 168 1 1 with your router s real IP address and add the port number if the default management port has been modified If the authentication is successful you will get the Welcome Message that is set in the User Management General Setup page With the default setup body stats 1 script language javascript window location http www draytek com script b...

Page 445: ...es can be extended to the User profiles in User Management for authentication There are two different behaviors when a User Management account and a VPN profile share the same Username If SSL Tunnel or SSL Web Proxy is enabled in the VPN profile the user profile in User Management will always be invalid for Web authentication For example if you create a user profile in User Management with chaoche...

Page 446: ... Au ut th he en nt ti ic ca at ti io on n v vi ia a T Te el ln ne et t The LAN clients can also authenticate their accounts via telnet 1 Telnet to the router s LAN IP address and input the account name for the authentication 2 Type the password for authentication and press Enter The message User login successful will be displayed with the expired time if configured Info Here expired time is Unlimi...

Page 447: ...page of Time Quota is shown as below 4 If the Time Quota is set with 0 minute you will get the following message which means this account has no time quota If the Time Quota is enabled and time is not 0 minute You will get the following message The expired time is shown after you login ...

Page 448: ...omputer from accessing the Internet until it does an authentication again Authentication via VigorPro Alert Notice Tool allows user to setup the re authentication interval so that the utility will send authentication requests periodically This will keep the client hosts from having to manually authenticate again and again The configuration of the VigorPro Alert Notice Tool is as follows 1 Click Au...

Page 449: ...m mp pl le e 1 1 U Us se er rs s c ca an n s se ee e t th he e m me es ss sa ag ge e f fo or r l la an nd di in ng g p pa ag ge e a af ft te er r l lo og gg gi in ng g i in nt to o I In nt te er rn ne et t s su uc cc ce es ss sf fu ul ll ly y 1 Open the web user interface of Vigor2952 2 Open User Management General Setup to get the following page In the field of Landing Page please type the words ...

Page 450: ...the following page check the box of Landing page and click OK to save the settings 5 Open any browser e g FireFox Internet Explorer The logging page will appear and asks for username and password Please type the correct username and password ...

Page 451: ...Vigor2952 Series User s Guide 439 6 Click Login If the logging is successful you will see the message of Login Success from the browser you use ...

Page 452: ...c ca al ll ly y a af ft te er r l lo og gg gi in ng g i in nt to o I In nt te er rn ne et t s su uc cc ce es ss sf fu ul ll ly y 1 In the field of Landing Page please type the words as below body stats 1 script language javascript window location http www draytek com script body 2 Next enable the Landing Page function Open User Management User Profile and click one of the index number e g index nu...

Page 453: ...the following page check the box of Landing page and click OK to save the settings 4 Open any browser e g FireFox Internet Explorer The logging page will appear and asks for username and password Please type the correct username and password ...

Page 454: ...Vigor2952 Series User s Guide 442 5 Click Login If the logging is successful you will be directed into the website of www draytek com ...

Page 455: ...ument introduces how to create Facebook APP and generate the APP ID and APP secret that can be used in Web Portal setup 1 Register as FB Developer Go to https developers facebook com and login the FB account 2 Register the Facebook account as a Developer If the account has been verified previously this step can be skipped 3 Click My Apps then choose Register as Developer 4 Switch to YES then click...

Page 456: ...Vigor2952 Series User s Guide 444 6 Add a New App Click on My Apps Add a New App Choose Website platform 7 Click Skip and Create App ID on first use Type Display Name Choose Category Click Create App ID ...

Page 457: ...Vigor2952 Series User s Guide 445 8 Pops up security check window select the answer and then click Submit to finish the process ...

Page 458: ... Add Platform on My Apps Go to Settings then click Add Platform 11 Choose Website in Select Platform window 12 Enter the Site URL as http portal draytek com Note If you change http port in the vigor please add http port in URLs For example we use 8080 as http port and we ll put http portal draytek com 8080 Enter the Contact Email And click Save Change ...

Page 459: ...47 13 Set up Client OAuth Go to Settings Advanced Client OAuth Settings enter http portal draytek com in Valid OAuth redirect URIs and save changes 14 Go to My Apps Status Review and switch available status to YES to activate the APP ...

Page 460: ...Vigor2952 Series User s Guide 448 ...

Page 461: ...e LAN clients by their Google or Facebook account This document introduces how to create Facebook APP and generate the APP ID and APP secret that can be used in Web Portal setup 1 Create Developer project Go to https code google com apis console login with a Google account then click Create project Type project name then click Create 2 On Dashboard choose Use Google APIs 3 Edit Auth Consent screen...

Page 462: ...ter name Set Authorized JavaScript origins and Authorized redirect URLs as http portal draytek com and click Create Note If you change http port in the vigor please add http port in URLs For example we use 8080 as http port and we ll put http portal draytek com 8080 6 Get client ID and client secret Such information will be used in Vigor Router s Web Portal Setup page ...

Page 463: ... PN N Vigor2952 can build virtual private network VPN between itself and any other TR 069 CPE by the function of central VPN management In addition it can be treated as a server called CVM server which can manage TR 069 CPE for periodical firmware upgrade configuration backup and restoring configuration ...

Page 464: ...ngs for CVM mechanism V VI I 4 4 1 1 1 1 G Ge en ne er ra al l S Se et tt ti in ng gs s To enable the CVM feature the first thing you have to do is enabling CVM port or CVM SSL Port Available settings are explained as follows Item Description CVM SSL Port Check the box to enable the port setting Type the port number in the box CVM Port Check the box to enable the port setting Type the port number ...

Page 465: ... VPN management is operated through IPsec VPN connection Available settings are explained as follows Item Description IPsec Mode Choose Aggressive or Main as the IPsec Mode Security Method Choose one of the following methods AH or ESP for the security of data transmission For example choose AH to specify the IPsec protocol for the Authentication Header protocol The data will be authenticated but n...

Page 466: ... Before using such feature make sure the CVM port has been enabled and configured properly V VI I 4 4 2 2 1 1 M Ma an na ag ge ed d D De ev vi ic ce e L Li is st t This page allows you to manage the CPEs connected to Vigor2952 Series P Pa ag ge e w wi it th ho ou ut t C CP PE E c co on nn ne ec ct te ed d P Pa ag ge e w wi it th h C CP PE E c co on nn ne ec ct te ed d ...

Page 467: ...location manually Delete To disconnect the management of any CPE click the CPE icon you want and click the Delete button Double clicking the CPE icon also can pop up the Managed Device Detail window However you cannot modify any data on the window Unmanaged Devices List Any device CPE which follows the standard of TR 069 can be configured and can be detected by Vigor2952 Series automatically Only ...

Page 468: ... Google Map Refresh Click it to refresh current web page V VI I 4 4 2 2 2 2 C CP PE E M Ma ai in nt te en na an nc ce e This area displays all the profiles which are created for applying to the managed device This page can help the administrator to do maintenance jobs like firmware upgrade configuration backup configuration restoration and etc Available settings are explained as follows Item Descr...

Page 469: ...edule profiles selected for such profile Now The action will be performed for the selected CPE immediately H Ho ow w t to o a ad dd d a a n ne ew w M Ma ai in nt te en na an nc ce e P Pr ro of fi il le e Follow the steps below to create a new maintenance profile 1 Click any index number link e g Index 1 2 The Maintenance page appears Info When restoring configuration to a CPE make sure the configu...

Page 470: ...sed for restoring the configuration of the selected CPE Info When restoring configuration to a CPE make sure the configuration file you selected was backup from this CPE before Because restoring from another device s configuration file may cause serious problem e g Both devices have different ISP username password Restoring configuration from one CPE to the other will cause Internet connection not...

Page 471: ...Series User s Guide 459 V VI I 4 4 2 2 3 3 G Go oo og gl le e M Ma ap p To display the location of the managed CPE with a bird s eye view open Central VPN Management CPE Management and click the tab of Google Map ...

Page 472: ... the LAN to LAN profile It is generated automatically when you click the PPTP IPsec Advanced button to build the VPN connection between Vigor2952 and remote CPE Type Display the dial in type and the authentication method Remote IP Display the IP address of the remote CPE and the interface Virtual Network Display the IP address and subnet mask of Vigor2952 Series Tx Pkts Display the number of the t...

Page 473: ...ty of CVM log is full the system will stop recording Always record the new event only the newest events will be recorded by the system Device Name Display the name of the managed CPE Description Name Display the brief explanation for the managed CPE Time date Display the time and date that the managed CPE scanned by Vigor2952 Series Action Type Display the action that Vigor2952 Series will perform...

Page 474: ...me and password for Vigor2952 Series All the CPE configuration will be done through Vigor2952 series C Co on nf fi ig gu ur re e C CV VM M S Se et tt ti in ng gs s o on n V Vi ig go or r2 29 95 52 2 S Se er ri ie es s 1 Access into the web user interface of Vigor2952 Series 2 Open Central VPN Management General Setup 3 In the following page check the boxes for CVM Port and CVM SSL Port to enable t...

Page 475: ... for example IE Mozilla Firefox or Netscape and type http 192 168 1 1 2 Open System Maintenance TR 069 3 In the field of ACS Server type the URL IP address with port number of Vigor2952 Series and type the same Username and Password defined on the page of Central VPN Management General Setup in Vigor2952 Series Then click Enable for CPE Client and then click OK to save the settings 4 Open System M...

Page 476: ... management access control and click OK 6 Open WAN Internet Access Use the drop down list of Access Mode on WAN1 to select MPoA RFC1483 2684 Then click Details Page 7 Click Specify an IP address Type correct WAN IP address subnet mask and gateway IP address for your CPE Then click OK ...

Page 477: ...rn to the web user interface of Vigor2952 Series 2 Open Central VPN Management VPN Management Now there is one CPE displayed on the field of Unmanaged Devices List 3 Choose the one Vigor2850 from Unmanaged Devices List and click Add The following dialog will be popped up Type the name and the location of the router respectively Click OK to save the configuration 4 The selected CPE will be moved an...

Page 478: ...o or r2 29 95 52 2 S Se er ri ie es s When a remote device is managed by Vigor2952 Series it is easy to build VPN between these two devices 1 Access into the web user interface of Vigor2952 Series 2 Open Central VPN Management CPE Management 3 Click the device icon marked with and click the PPTP IPsec button 4 Wait for a moment If VPN is built successfully related information will be displayed on ...

Page 479: ...h VPN will be generated automatically You can access into VPN and Remote Access LAN to LAN of the remote device for viewing the detailed information Info The profile name is created automatically by the system Do not modify any value in such page to avoid VPN error ...

Page 480: ...or the device e g Vigor2850 managed by Vigor2952 Series Vigor2850 as an example is chosen for Vigor2952 to perform the CPE firmware upgrade remotely in this case 1 Plug in USB storage disk onto Vigor2952 Series via USB interface Make sure the USB disk has been installed correctly otherwise the firmware upgrade will not be successful 2 Access into web user interface of Vigor2952 Series Open Central...

Page 481: ...to perform firmware upgrade from Device Name drop down list From the Action Type choose Firmware Upgrade Type the file path of the newest firmware or click Select to locate it Specify the Schedule profile At last click OK 5 Now a new maintenance profile has been created 6 Click Now to perform the firmware upgrade immediately for Vigor2850 7 Wait for several minutes for firmware upgrade ...

Page 482: ... the managed device if the firmware upgrade is successful or not Click Managed Devices List Click the icon of Vigor2850 and click Edit and view the software version Another way to check if the firmware upgrade is completed or not simply open Central VPN Management Log Alert ...

Page 483: ...st wireless coverage will be clearly indicated through simulated signal strength A AP P M Ma ai in nt te en na an nc ce e Vigor router can execute configuration backup configuration restoration firmware upgrade and remote reboot for the APs managed by the router It is very convenient for the administrator to process maintenance without accessing into the web user interface of the access point L Lo...

Page 484: ...Traffic or Station Number by displaying VigorAP icon text and histogram Just move and click your mouse cursor on Status Event Log Total Traffic or Station Number Corresponding web pages will be open immediately To access into the web user interface of VigorAP simply move your mouse cursor on the VigorAP icon and click it The system will guide you to access into the web user interface of VigorAP ...

Page 485: ...Display the SSID configured for the access point s connected to Vigor2952 Ch Display the channel used by the access point STA List Display the number of wireless clients stations connecting to the access point In which 0 64 means that up to 64 clients are allowed to connect to the access point But now no one connects to the access point The number displayed on the left side means 2 4GHz and the nu...

Page 486: ...ined as follows Item Description Profile Display the name of the profile The default profile cannot be renamed Main SSID Display the SSID configured by such wireless profile Security Display the security mode selected by such wireless profile Multi SSID Enable means multiple SSIDs more than one are active Disable means only SSID1 is active WLAN ACL Display the name of the access control list Rate ...

Page 487: ...ly the selected wireless profile to the specified Access Point Simply choose the device you want from Existing Device field Click to move the device to Selected Device field Then click OK The selected WLAN profile will be applied to the selected access point immediately Later the access point will reboot Apply to Local WLAN Profile configured in this page is specified for VigorAP connected to Vigo...

Page 488: ...it t t th he e w wi ir re el le es ss s L LA AN N p pr ro of fi il le e 1 Check the box on the left side of the selected profile 2 Click the Edit button to display the following page Info The function of Auto Provision is available for the default WLAN profile ...

Page 489: ...Vigor2952 Series User s Guide 477 3 After finished the general settings configuration click Next to open the following page for 2 4G wireless security settings ...

Page 490: ...bove web page configuration click Next to open the following page for 5G wireless security settings 5 When you finished the above web page configuration click Finish to exit and return to the first page The modified WLAN profile will be shown on the web page ...

Page 491: ...med to more than one AP at one time by using Vigor2952 Available settings are explained as follows Item Description Action There are four actions provided by Vigor router to manage the access points Vigor router can backup the configuration of the selected AP restore the configuration for the selected AP perform the firmware upgrade of the selected AP reboot the selected AP remotely and perform th...

Page 492: ...he placement with the best wireless coverage will be clearly indicated through simulated signal strength Each item will be explained as follows Item Description Set to Factory Default Click the link to clear current page configuration Check the box to view or edit the AP Map Location Display a brief description e g ground roof of the AP Map Online APs Display the number of VigorAP configured and p...

Page 493: ...lable settings are explained as follows Item Description Location Profile Name Type a name e g groudfloor for the AP map profile Upload Map Click the Select button to choose an image file only JPG and PNG are supported for floor plan Cancel Click it to cancel the configuration Next Click it to go to the next configuration page 2 Click Next The configuration page with floor plan will be shown as fo...

Page 494: ... icon from Compatible AP List to the map on the left side 4 Choose the signal strength e g 30 in this case from User Define drop down list Click Apply 5 Adjust the AP on the map to find out which place can have the best wireless coverage At last click Save ...

Page 495: ...e one of the managed Access Points LAN A or LAN B daily or weekly for viewing data transmission chart Click Refresh to renew the graph at any time The horizontal axis represents time the vertical axis represents the transmission rate in kbps Info Enabling Disabling such function will also enable disable the External Devices function ...

Page 496: ...r router e g Vigor2952 then Vigor router can obtain the temperature change graph of the USB temperature sensor installed onto VigorAP This page displays data including current temperature maximum temperature minimum temperature and average temperature V VI I 5 5 8 8 E Ev ve en nt t L Lo og g Time and event log for all of the APs managed by Vigor router will be shown on this page It is useful for t...

Page 497: ...f data receiving and data transmitting for VigorAPs managed by Vigor router V VI I 5 5 1 10 0 S St ta at ti io on n N Nu um mb be er r The total number of the wireless clients will be shown on this page no matter what mode of wireless connection 2 4G WLAN or 5G WLAN used by wireless clients to access into Internet through VigorAP ...

Page 498: ...is to prevent lots of stations connecting to access point at the same time and causing traffic unbalanced Please define the required station number for WLAN 2 4GHz and WLAN 5GHz separately By Traffic The operation of load balance will executed according to the traffic configuration in this page Upload Limit Use the drop down list to specify the traffic limit for uploading Download Limit Use the dr...

Page 499: ... VI I 5 5 1 12 2 F Fu un nc ct ti io on n S Su up pp po or rt t L Li is st t Click the Client tab to list the AP management functions that the Access Points support under different firmware versions Click the Server tab to list the AP management functions that Vigor router supports under different firmware versions ...

Page 500: ... LA AN N p pr ro of fi il le e The administrator can manage the access points linked to Vigor2952 1 Open Central AP Management Access Point Devices Vigor2952 will detect the AP connecting to the router automatically and display as below In this case a device named with AP810_001DAA9D362C has been detected by Vigor router 2 Click the Central AP Management WLAN Profile tab to get the following page ...

Page 501: ...uto Provision can automatically apply the settings on Default profile to all of the access points registered to Vigor2952 later Hence it is not necessary for you to manually apply wireless profiles for APs respectively Such feature will be convenient for people who want to quickly deploy multiple Vigor APs in a large exhibition to reach the goal of plug and play and zero configuration ...

Page 502: ...Vigor2952 Series User s Guide 490 4 The following page allows you to modify related settings for 2 4G SSID of managed AP Make the changes you want for 2 4G SSID Click Next for next page ...

Page 503: ...to modify related settings for 5G SSID of managed AP Continue to make any changes you want After finished all of the changes simply click Finish Now the AP represented with AP810_001DAA9D362C detected by Vigor router will be applied with the settings modified by Vigor router ...

Page 504: ...ault settings of VigorSwitch at one time V VI I 6 6 1 1 S St ta at tu us s V VI I 6 6 1 1 1 1 S Sw wi it tc ch h S St ta at tu us s Such page displays information including Group Switch name IP address model System Up Time Port in Use Clients and Firmware Version of VigorSwitch connected to Vigor2952 series One VigorSwitch device is managed by Vigor2952 VigorSwitch listed below Status means the sw...

Page 505: ...igorSwitch System Up Time Display the time accumulated since this Vigorwitch is powered up Port in Use Display how many devices connected to VigorSwitch Clients Display the number of LAN ports used in VigorSwitch Firmware Version Display the firmware version that VigorSwitch current used Add New Such button will appear only when there is more than one switch connected to Vigor2952 The one under Ne...

Page 506: ...ch hy y Such page displays the hierarchy of VigorSwitch es managed under Vigor2952 Please note that Shutdown Port is available for LAN port of VigorSwitch connects to a LAN device When it is checked after clicking OK the network connection between that device and VigorSwitch will be terminated ...

Page 507: ...nnected VigorSwitch will have one setting profile If there are many switches connected to Vigor2952 different index number will be used to represent different VigorSwitch Name Display the user defined name of VigorSwitch Group Display the group name of VigorSwitch es IP Address Display the IP address of VigorSwitch MAC Address Display the MAC address of VigorSwitch Model Display the model name of ...

Page 508: ...eld is unavailable Login Password Display the original login password for the VigorSwitch However if Group Password in Central Management Switch Group is configured with other string then such field is not allowed to type any other password And only the group password will be shown instead IP Address Display the dynamic IP address of the connected switch assigned by Vigor2952 OK Click it to save t...

Page 509: ...Vigor2952 Series User s Guide 497 Setting page with LAN VLAN configured previously 3 Click OK to save VLAN configuration Then click Port tab to access the following page ...

Page 510: ...on between that device and VigorSwitch will be terminated Schedule Two sechule profiles can be specified here to force Vigor2952 executing specific action to VigorSwitch 4 Click OK to save the changes and then click Send to Device Settings will be sent to VigorSwitch immediately V VI I 6 6 3 3 G Gr ro ou up p Different switches can be classified into different group s Specifc password for a group ...

Page 511: ...ng to Vigor2952 series All of the switches under the same group can be accessed into via such group password Existing Switch Display all of the VigorSwitch devices connecting to Vigor2952 Member Switch Choose the switches you want to group and click the button to move the selected devices onto the field of Member Switch Devices under Member Switch will be grouped under such group profile OK Click ...

Page 512: ...pe Four actions including configuration backup configuration restore remote reboot and factory reset are offered by Vigor2952 to perform on VigorSwitch File Path Click the button to find out the required file Select Device Existing Device Display all of the VigorSwitch devices connecting to Vigor2952 Selected Device Choose the switches you want to group and click the button to move the existing de...

Page 513: ...Vigor2952 Series User s Guide 501 V VI I 6 6 5 5 S Su up pp po or rt t L Li is st t This page lists all models of VigorSwitch which can be managed by Vigor2952 via Central Management Switch ...

Page 514: ...ernal Device Syslog Check this box to display information of the detected device on Syslog External Device Auto Discovery Check this box to detect the external device automatically and display on this page From this web page check the box of External Device Auto Discovery Later all the available devices will be displayed in this page with icons and corresponding information You can change the devi...

Page 515: ...dress service type keyword file extension and others These pre defined objects can be applied in CSM USB device connected on Vigor router can be regarded as a server or WAN interface By way of Vigor router clients on LAN can access write and read data stored in USB storage disk with different applications ...

Page 516: ...orts in a limited range usually will be applied in configuring router s settings therefore we can define them with objects and bind them with groups for using conveniently Later we can select that object group that can apply it For example all the IPs in the same department can be defined with an IP object a range of IP address ...

Page 517: ...er s Guide 505 W We eb b U Us se er r I In nt te er rf fa ac ce e V VI II I 1 1 1 1 I IP P O Ob bj je ec ct t You can set up to 192 sets of IP Objects with different conditions Available settings are explained as follows ...

Page 518: ...e Address Display the IP address configured for the object profile Export IP Object Usually the IP objects can be created one by one through the web page of Objects IP Object However to a user who wants to save more time in bulk creating IP objects a quick method is offered by Vigor router to modify the IP objects with a single file a CSV file All of the IP objects or the template can be exported ...

Page 519: ...oose LAN DMZ RT VPN as the direction setting in Edit Filter Rule then all the IP addresses specified with LAN DMZ RT VPN interface will be opened for you to choose in Edit Filter Rule page Address Type Determine the address type for the IP address Select Single Address if this object contains one IP address only Select Range Address if this object contains several IPs within a range Select Subnet ...

Page 520: ...et Mask Type the subnet mask if the Subnet Address type is selected Invert Selection If it is checked all the IP addresses except the ones listed above will be applied later while it is chosen 4 After finishing all the settings here please click OK to save the configuration Below is an example of IP objects settings ...

Page 521: ... are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows ...

Page 522: ...ied interface chosen above will be shown in this box Selected IP Objects Click button to add the selected IP objects in this box 3 After finishing all the settings here please click OK to save the configuration V VI II I 1 1 3 3 I IP Pv v6 6 O Ob bj je ec ct t You can set up to 64 sets of IPv6 Objects with different conditions Available settings are explained as follows Item Description Set to Fac...

Page 523: ...e subnet for IPv6 address Select Any Address if this object contains any IPv6 address Select Mac Address if this object contains Mac address Match Type It is available when Range Address is selected as Address Type Specify which type 128 Bits or 64 Bits of address fomat for IPv6 protocol will be used for comparison The length of IPv6 address is composed by prefix and suffix interface ID 128 Bits W...

Page 524: ...tings please click OK to save the configuration V VI II I 1 1 4 4 I IP Pv v6 6 G Gr ro ou up p This page allows you to bind several IPv6 objects into one IPv6 group Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do th...

Page 525: ... profile Maximum 15 characters are allowed Available IPv6 Objects All the available IPv6 objects with the specified interface chosen above will be shown in this box Selected IPv6 Objects Click button to add the selected IPv6 objects in this box 3 After finishing all the settings please click OK to save the configuration ...

Page 526: ... bj je ec ct t You can set up to 96 sets of Service Type Objects with different conditions Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the object profile ...

Page 527: ... columns are available for TCP UDP protocol It can be ignored for other protocols The filter rule will filter out any port number when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this profile when the first and last value are the same it indicates all the ports except the port defined h...

Page 528: ...1 6 6 S Se er rv vi ic ce e T Ty yp pe e G Gr ro ou up p This page allows you to bind several service types into one group Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile ...

Page 529: ...ings are explained as follows Item Description Name Type a name for this profile Maximum 15 characters are allowed Available Service Type Objects All the available service objects that you have added on Objects Setting Service Type Object will be shown in this box Selected Service Type Objects Click button to add the selected IP objects in this box 3 After finishing all the settings please click O...

Page 530: ...et 200 keyword object profiles for choosing as black white list in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the object profile ...

Page 531: ... are explained as follows Item Description Name Type a name for this profile e g game Maximum 15 characters are allowed Contents Type the content for such profile For example type gambling as Contents When you browse the webpage the page with gambling information will be watched out and be passed blocked based on the configuration on Firewall settings 3 After finishing all the settings please clic...

Page 532: ...er Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows Available ...

Page 533: ...s box 3 After finishing all the settings please click OK to save the configuration V VI II I 1 1 9 9 F Fi il le e E Ex xt te en ns si io on n O Ob bj je ec ct t This page allows you to set eight profiles which will be applied in CSM URL Content Filter All the files with the extension names specified in these profiles will be processed according to the chosen action Available settings are explained...

Page 534: ...ls 2 The configuration page will be shown as follows Available settings are explained as follows Item Description Profile Name Type a name for this profile The maximum length of the name you can set is 7 characters 3 Type a name for such profile and check all the items of file extension that will be processed in the router Finally click OK to save this profile ...

Page 535: ... the settings and return to factory default settings Index Display the profile number that you can configure Profile Display the name for such SMS profile SMS Provider Display the service provider which offers SMS service To set a new profile please do the steps listed below 1 Click the SMS Provider tab and click the number e g 1 under Index column for configuration in details 2 The configuration ...

Page 536: ...31 characters Password Type a password that the sender can use to register to selected SMS provider The maximum length of the password you can set is 31 characters Quota Type the number of the credit that you purchase from the service provider chosen above Note that one credit equals to one SMS text message on the standard route Sending Interval To avoid quota being exhausted soon type time interv...

Page 537: ...are fixed You can click the number e g 9 under Index column for configuration in details Available settings are explained as follows Item Description Profile Name Display the name of this profile It cannot be modified Service Provider Type the website of the service provider Type the URL string in the box under the filed of Service Provider You have to contact your SMS provider to obtain the exact...

Page 538: ...or the system to send SMS After finishing all the settings here please click OK to save the configuration M Ma ai il l S Se er rv vi ic ce e O Ob bj je ec ct t This page allows you to set ten profiles which will be applied in Application SMS Mail Alert Service Each item is explained as follows Item Description Set to Factory Default Clear all of the settings and return to factory default settings ...

Page 539: ... server Sender Address Type the e mail address of the sender Use SSL Check this box to use port 465 for SMTP server for some e mail server uses https as the transmission method Authentication The mail server must be authenticated with the correct username and password to have the right of sending message out Check the box to enable the function Username Type a name for authentication The maximum l...

Page 540: ...ng situation To set a new profile please do the steps listed below 1 Open Object Setting Notification Object and click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows Available settings are explained as follows Item Description Profile Name Type a name for such notification profile The maximum length of the name you can set is 15 c...

Page 541: ...r the category You can check the box you want to be monitored 3 After finishing all the settings here please click OK to save the configuration Info When Failover Occurred of High Availability is enabled Sending Interval of SMS Provider profile should be set to 0 ...

Page 542: ...e settings are explained as follows Item Description Add Click it to open the following page for adding a new string object Set to Factory Default Click it to clear all of the settings in this page Index Display the number link of the string profile String Display the string defined Clear Choose the string that you want to remove Then click this check box to delete the selected string Below shows ...

Page 543: ... Log into the web user interface of Vigor router 2 Configure relational objects first Open Object Settings SMS Mail Server Object to get the following page Index 1 to Index 8 allows you to choose the built in SMS service provider If the SMS service provider is not on the list you can configure Index 9 and Index 10 to add the new service provider to Vigor router 3 Choose any index number e g Index ...

Page 544: ...rofile setting 5 Open Object Settings Notification Object to configure the event conditions of the notification 6 Choose any index number e g Index 1 in this case to configure conditions for sending the SMS In the following page type the name of the profile and check the Disconnected and Reconnected boxes for WAN to work in concert with the topic of this paper ...

Page 545: ...o choose SMS Provider and the Notify Profile specify the time of sending SMS Then type the phone number in the field of Recipient the one who will receive the SMS 9 Click OK to save the settings Later if one of the WAN connections fails in your router the system will send out SMS to the phone number specified If the router has only one WAN interface the system will send out SMS to the phone number...

Page 546: ...S P Pr ro ov vi id de er r Choose one of the Index numbers 9 or 10 allowing you to customize the SMS Provider In the web page type the URL string of the SMS provider and type the username and password After clicking OK the new added SMS provider will be added and will be available for you to specify for sending SMS out ...

Page 547: ...USB Application you can type the IP address of the Vigor router and username password created in USB Application USB User Management on the client software Then the client can use the FTP site USB storage disk or share the SMB service through Vigor router Info USB ports on Vigor router are allowed to connect to USB modem Models of the modems supported by Vigor router can be seen from USB Applicati...

Page 548: ...only Therefore before connecting the USB storage disk into the Vigor router please make sure the memory format for the USB storage disk is FAT16 or FAT32 It is recommended for you to use FAT32 for viewing the filename completely FAT16 cannot support long filename Available settings are explained as follows Item Description General Settings Simultaneous FTP Connections This field is used to specify...

Page 549: ...st name can have as many as 23 characters Both them cannot contain any of the following Workgroup Name Type a name for the workgroup Host Name Type the host name for the router Printer Server Enable Click it to make Vigor router act as a printer server with USB printer attached After finishing all the settings here please click OK to save the configuration V VI II I 2 2 2 2 U US SB B U Us se er r ...

Page 550: ...served for FTP firmware upgrade usage Note FTP Passive mode is not supported by Vigor Router Please disable the mode on the FTP client Password Type the password for FTP SMB users for accessing FTP server Later you can open FTP client software and type the password specified here for accessing into USB storage disk The length of the password is limited to 11 characters Confirm Password Type the pa...

Page 551: ...e disk into the USB interface of the Vigor router Otherwise you cannot save the configuration V VI II I 2 2 3 3 F Fi il le e E Ex xp pl lo or re er r File Explorer offers an easy way for users to view and manage the content of USB storage disk connected on Vigor router Available settings are explained as follows Item Description Refresh Click this icon to refresh files list Back Click this icon to...

Page 552: ...e later Available settings are explained as follows Item Description Connection Status If there is no USB device connected to Vigor router No Disk Connected will be shown here Disk Capacity It displays the total capacity of the USB storage disk Free Capacity It displays the free space of the USB storage disk Click Refresh at any time to get new status for free capacity Index It displays the number...

Page 553: ...a communications room is overheating During summer in particular it is important to ensure that your server or data communications equipment are not overheating due to cooling system failures The inclusion of a USB thermometer in compatible Vigor routers will continuously monitor the temperature of its environment When a pre determined threshold is reached you will be alerted by either an email or...

Page 554: ...it Choose the display unit of the temperature There are two types for you to choose Alarm Settings Enable Syslog Alarm The temperature log will be recorded on Syslog if it is enabled Upper temperature limit Lower temperature limit Type the upper limit and lower limit for the system to send out temperature alert T Te em mp pe er ra at tu ur re e C Ch ha ar rt t Below shows an example of temperature...

Page 555: ...ies User s Guide 543 V VI II I 2 2 6 6 M Mo od de em m S Su up pp po or rt t L Li is st t Such page provides the information about the brand name and model name of the USB modems which are supported by Vigor router ...

Page 556: ...s Guide 544 V VI II I 2 2 7 7 S SM MB B C Cl li ie en nt t S Su up pp po or rt t L Li is st t SMB Client Support List provides the test status information for applications with file sharing operated under different platforms ...

Page 557: ...le Explorer If it is necessary for you to delete copy files on the device or write paste files to the devcie it must be done through SMB server or FTP server SMB service is based on the original USB FTP service You will need to setup USB FTP first We would like to give brief instructions on USB FTP setup here 1 Plug the USB device to the USB port on the router Open USB Application USB Device Statu...

Page 558: ...gement Click index 1 link and click Enable to enable FTP SMB User account Here we add a new account user1 and assign authorities Read Write and List to it 4 Click OK to save the configuration 5 Make sure the FTP service is running properly Please open a browser and type ftp 192 168 1 1 Use the account user1 to login ...

Page 559: ...USB Application USB Disk Status The information for FTP server will be shown as below Now users in LAN of Vigor2952 can access into the USB storage device by typing ftp 192 168 1 1 on any browser They can add or remove files directories depending on the Access Rule for FTP account settings in USB Application USB User Management ...

Page 560: ...Vigor2952 Series User s Guide 548 This page is left blank ...

Page 561: ...549 P Pa ar rt t V VI II II I T Tr ro ou ub bl le es sh ho oo ot ti in ng g This part will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration ...

Page 562: ...low to check your basic installation status stage by stage Checking if the hardware status is OK or not Checking if the network connection settings on your computer are OK or not Pinging the router from your computer Checking if the ISP settings are OK or not Backing to factory default setting if necessary If all above stages are done and the router still cannot run normally it is the time for you...

Page 563: ...1 1 1 1 D Di ia al l o ou ut t T Tr ri ig gg ge er ri in ng g Click Diagnostics and click Dial out Triggering to open the web page The internet connection e g PPPoE is triggered by a package sending from the source IP address Available settings are explained as follows Item Description Decoded Format It shows the source IP address local destination IP remote address the protocol and length of the ...

Page 564: ...uide 552 V VI II II I 1 1 2 2 R Ro ou ut ti in ng g T Ta ab bl le e Click Diagnostics and click Routing Table to open the web page Available settings are explained as follows Item Description Refresh Click it to reload the page ...

Page 565: ...gnostics and click ARP Cache Table to view the content of the ARP Address Resolution Protocol cache held in the router The table shows a mapping between an Ethernet hardware address MAC Address and an IP address Available settings are explained as follows Item Description Refresh Click it to reload the page ...

Page 566: ...pping between an Ethernet hardware address MAC Address and an IPv6 address This information is helpful in diagnosing network problems such as IP address conflicts etc Click Diagnostics and click IPv6 Neighbour Table to open the web page Available settings are explained as follows Item Description Refresh Click it to reload the page ...

Page 567: ...HCP Table to open the web page Available settings are explained as follows Item Description Index It displays the connection item number IP Address It displays the IP address assigned by this router for specified PC MAC Address It displays the MAC address for the specified PC that DHCP assigned IP address for it Leased Time It displays the leased time of the specified PC HOST ID It displays the ho...

Page 568: ...able settings are explained as follows Item Description Private IP Port It indicates the source IP address and port of local PC Pseudo Port It indicates the temporary port of the router used for NAT Peer IP Port It indicates the destination IP address and port of remote host Interface It displays the representing number for different interface Refresh Click it to reload the page ...

Page 569: ...and displayed on Diagnostics DNS Cache Table Available settings are explained as follows Item Description Clear Click this link to remove the result on the window Refresh Click it to reload the page When an entry s TTL is larger than Check the box the type the value of TTL time to live for each entry Click OK to enable such function It means when the TTL value of each DNS query reaches the thresho...

Page 570: ...e web page or Available settings are explained as follows Item Description IPV4 IPV6 Choose the interface for such function Ping through Use the drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically Ping to Use the drop down list to choose the destination that you ...

Page 571: ...pe the IP address of the Host IP that you want to ping Ping IPv6 Address Type the IPv6 address that you want to ping Run Click this button to start the ping work The result will be displayed on the screen Clear Click this link to remove the result on the window ...

Page 572: ... to enable IP bandwidth limit and IP session limit before invoking Data Flow Monitor If not a notification dialog box will appear to remind you enabling it Click Diagnostics and click Data Flow Monitor to open the web page You can click IP Address TX rate RX rate or Session link for arranging the data display Available settings are explained as follows Item Description Enable Data Flow Monitor Che...

Page 573: ...ssion number that you specified in Limit Session web page Action Block can prevent specified PC accessing into Internet within 5 minutes Unblock The device with the IP address will be blocked for five minutes The remaining time will be shown on the session column Click it to cancel the IP address blocking Current Peak Speed Current means current transmission rate and receiving rate for WAN interfa...

Page 574: ...lick Reset to zero the accumulated RX TX received and transmitted data of WAN Click Refresh to renew the graph at any time The horizontal axis represents time Yet the vertical axis has different meanings For WAN1 WAN2 WAN3 WAN4 Bandwidth chart the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past For Sessions chart the numbers displayed on...

Page 575: ...e the routes from router to the host Simply type the IP address of the host in the box and click Run The result of route trace will be shown on the screen or Available settings are explained as follows Item Description IPv4 IPv6 Click one of them to display corresponding information for it Trace through Use the drop down list to choose the interface that you want to ping through ...

Page 576: ...eb Syslog specify the type of Syslog and choose the display mode you want Later the event of Syslog with specified type will be shown for your reference Available settings are explained as follows Item Description Enable Web Syslog Check this box to enable the function of Web Syslog Syslog Type Use the drop down list to specify a type of Syslog to be displayed Export Click this link to save the da...

Page 577: ...e type of the record Message Display the information for each event V VI II II I 1 1 1 13 3 I IP Pv v6 6 T TS SP PC C S St ta at tu us s IPv6 TSPC status web page could help you to diagnose the connection status of TSPC If TSPC has configured properly the router will display the following page when the user connects to tunnel broker successfully Available settings are explained as follows Item Des...

Page 578: ...A configuration for the selected router Back Return to previous page HA Setup Click it to open Applications High Availability for modifying the configuration Renew Click it to get the newest status of other router except the primary router Refresh Click it to get the newest status of the primary router Status means an error has occurred Refer to Detailed information and modify HA settings if requi...

Page 579: ...ns configuration synchronization is ready to execute Progressing means configuration synchronization is operating Fail means configuration synchronization executed and failed or wrong model name Equal means the corresponding settings are equal to the primary router Cached Time Display the time period since the last time to get the newest status of other router except the primary router Cick the li...

Page 580: ...io on n L Lo og g This page will display the complete authentication log information Available settings are explained as follows Item Description Enable Check the box to enable such function Refresh Click it to update current page Clear Click it to remove all of the records Syslog Type Specify RADIUS 802 1X or All to display related authentication information log Display Mode Choose the mode you w...

Page 581: ...nvironment to find out if there is any abnormal connection Information of IP traced and destination port used for SYN Flood UDP Flood and ICMP Flood attacks will be detected and shown respectively on different pages Moreover IP address detected and suspected to attack the network system can be blocked shortly by clicking the Block button shown on pages of SYN Flood UDP Flood and ICMP Flood Info Th...

Page 582: ...e following web page will be blocked forever Available settings are explained as follows Item Description Blocking IP Type the IP address in this field and click add It will be added to the IP List and appear in the right frame IP list in the right frame will be blocked by Vigor system permanatly Remove It is used to remove selected IP address from the Blocking IP List Refresh Click this link to r...

Page 583: ... the hardware status 1 Check the power line and WLAN LAN cable connections Refer to I 2 Hardware Installation for details 2 Turn on the router Make sure the ACT LED blink once per second and the correspondent LAN LED is bright 3 If not it means that there is something wrong with the hardware status Simply back to I 2 Hardware Installation to execute the hardware installation again And then try aga...

Page 584: ...the link is stilled failed please do the steps listed below to make sure the network connection settings is OK F Fo or r W Wi in nd do ow ws s Info The example is based on Windows 7 As to the examples for other operation systems please refer to the similar steps or find support notes in www DrayTek com 1 Open All Programs Getting Started Control Panel Click Network and Sharing Center 2 In the foll...

Page 585: ...or2952 Series User s Guide 573 4 Select Internet Protocol Version 4 TCP IP and then click Properties 5 Select Obtain an IP address automatically and Obtain DNS server address automatically Finally click OK ...

Page 586: ...uide 574 F Fo or r M Ma ac c O OS S 1 Double click on the current used Mac OS on the desktop 2 Open the Application folder and get into Network 3 On the Network screen select Using DHCP from the drop down list of Configure IPv4 ...

Page 587: ...e router correctly F Fo or r W Wi in nd do ow ws s 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista 7 8 The DOS command dialog will appear 3 Type ping 192 168 1 1 and press Enter If the link is OK the line of Reply from 192 168 1 1 bytes 32 time 1ms TTL 255 will appear 4 If the line does not appear please check the IP addr...

Page 588: ...Vigor2952 Series User s Guide 576 ...

Page 589: ...igured in Vigor router Check if the LEDs on Vigor router are on or not If not please install an additional switch for connecting both Vigor router and the modem offered by ISP Then check if the LEDs on Vigor router are on or not If the problem of LEDs cannot be solved by the above measures please contact with the nearest reseller or send an e mail to DrayTek FAE for technical support Check if the ...

Page 590: ...k k c co on nn ne ec ct ti io on n d do oe es s n no ot t w wo or rk k Check the PIN Code of SIM card is disabled or not Please use the utility of 3G 4G USB Modem to disable PIN code and try again If it still fails it might be the compliance problem of system Please open DrayTek Syslog Tool to capture the connection information WAN Log and send the page similar to the following graphic to the serv...

Page 591: ...ressing factory default setting you will loose all settings you did before Make sure you have recorded all useful settings before you pressing The password of factory default is null S So of ft tw wa ar re e R Re es se et t You can reset the router to factory default via Web page Such function is available in Admin Mode only Go to System Maintenance and choose Reboot System on the web page The fol...

Page 592: ...n Then the router will restart with the default configuration After restore the factory default setting you can configure the settings for the router again to fit your personal request V VI II II I 8 8 C Co on nt ta ac ct ti in ng g D Dr ra ay yT Te ek k If the router still cannot work correctly after trying many efforts please contact your dealer for further help right away For any questions plea...

Page 593: ...the difficulty is how to handle the traffics between two or more Ethernet switches Thus VLAN is suitable for some circumstances for example the rental apartment SOHO office and so on These clients may need two or three isolated networks only and setup a network in a simple way T Ta ag g b ba as se ed d The idea of tag based VLAN is to identify a virtual LAN with a specific ID therefore VLAN ID int...

Page 594: ... packet as the VID of Trunk port while forwarding the packets to another switch Bridge mode of WAN P1 and P2 are doing NAT flow to access to the internet but P3 and P4 will forward the packets between WAN and LAN ports directly W We eb b U Us se er r I In nt te er rf fa ac ce e So far there are two kinds of open system on Vigor router One is DrayOS which is DrayTek owned and another is Linux like ...

Page 595: ...Vigor2952 Series User s Guide 583 ...

Page 596: ...Vigor2952 Series User s Guide 584 LAN V VL LA AN N a ap pp pl li ic ca at ti io on ns s o on n V Vi ig go or r r ro ou ut te er r Multi Subnet VLAN of LAN ...

Page 597: ...rver LAN1 LAN2 LAN3 LAN4 However the traffics of the LAN port or SSID that are NOT being grouped in the same VLAN are unable to forward to each other The benefit of Port based is able to extend the wired ports by installing a cheaper dumb switch as many as you need but Tag based offers you a flexible and well managed network The networks are isolated secured and reduce the broadcasting storm effec...

Page 598: ...e to be isolated from your private network due to the security considerations it can be done by above settings However a switch support VLAN function is need if VLAN Tag enabled Triple Play Multi WAN NAT mode with VLAN Following settings the set top box STB is able to attach with any LAN port Video streaming which your ISP provided will be played on your monitor ...

Page 599: ...Vigor2952 Series User s Guide 587 ...

Page 600: ...idge mode with VLAN Set top box STB or the other kinds of media devices are able to attach with Port4 or Port5 of LAN Those devices that attached with Port4 or Port5 are able to access the services network directly which your ISP provided ...

Page 601: ...Vigor2952 Series User s Guide 589 P Pa ar rt t I IX X D Dr ra ay yT Te ek k T To oo ol ls s ...

Page 602: ...otocol VPN connections such as IPSec PPTP L2TP protocols for secure data exchange and communication With SSL VPN embedded on Vigor routers teleworkers can have convenient and simple access to central site VPN The teleworkers do not need to install any VPN software manually From regular web browser you can establish VPN connection back to your main office even in a guest network or web cafe DrayTek...

Page 603: ... SL L V VP PN N T Tu un nn ne el l SmartVPN APP for Android is now available on Google play This document demonstrates how to use the APP to establish a SSL VPN tunnel 1 On VPN server create a SSL user account Please refer to How to Set up SSL VPN on www draytek com for detailed instructions 2 Download the APP from Google play and run the APP 3 Click to add a new profile ...

Page 604: ...or Routers it is 443 by default d Tap SAVE to save the profile or to cancel Info Installation of relevant Root CA is required to enable server certificate authentication If you check Use default gateway on remote network all the traffic of this smart device will be forwarded to the remote gateway 5 Tap the profile bar to establish SSL VPN tunnel 6 Enter Username and Password then tap Dial ...

Page 605: ...Vigor2952 Series User s Guide 593 7 When the tunnel is up the profile will turn green Tap the bar again will disconnect the tunnel 8 Tap the pencil icon to edit or remove the profile ...

Page 606: ...Vigor2952 Series User s Guide 594 This page is left blank ...

Page 607: ...Vigor2952 Series User s Guide 595 P Pa ar rt t X X T Te el ln ne et t C Co om mm ma an nd ds s ...

Page 608: ...e Windows Features of Telnet Client has been turned on under Control Panel Programs Type cmd and press Enter The Telnet terminal will be open later In the following window type Telnet 192 168 1 1 as below and press Enter Note that the IP address in the example is the default address of the router If you have changed the default enter the current IP address of the router Next type admin admin for A...

Page 609: ...uide 597 For users using previous Windows system e g 2000 XP simply click Start Run and type Telnet 192 168 1 1 in the Open box as below Next type admin admin for Account Password And type to get a list of valid common commands ...

Page 610: ...4 SA 61 9 224 13 5 WA 61 9 240 13 l List List all settings configured E Ex xa am mp pl le e bpa 1 a 1 n testUser p testPassword s 4 bpa l index 1 active UserName 1 testUser PassWord 1 testPassword ServerIP 1 4 index 2 inactive UserName 2 PassWord 2 ServerIP 2 0 T Te el ln ne et t C Co om mm ma an nd d c cs sm m a ap pp pe e p pr ro of f Commands under CSM allow you to set CSM profile to define pol...

Page 611: ... CSM profile e Enable to block specific application d Disable to block specific application a Set the action of specific application GROUP Specify the category of the application Available options are IM P2P Protocol and Others AP_IDX Each application has independent index number for identification in CLI command Specify the index number of the application here If you have no idea of the inex numb...

Page 612: ... et t C Co om mm ma an nd d c cs sm m a ap pp pe e c co on nf fi ig g It is used to display the configuration status enabled or disabled for IM P2P Protocol Other applications S Sy yn nt ta ax x csm appe config v INDEX i p t m S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description INDEX Specify the index number of CSM profile from 1 to 32 i View the configuration status of IM g...

Page 613: ...atically WAN Specify the WAN interface for signature downloading E Ex xa am mp pl le e csm appe interface wan1 Download interface is set as WAN1 now csm appe interface auto Download interface is set as auto selected now T Te el ln ne et t C Co om mm ma an nd d c cs sm m a ap pp pe e e em ma ai il l It is used to set notification e mail for APPE signature based on the settings configured in System ...

Page 614: ...SG Set the administration message MSG means the content less than 255 characters of the message itself obj Specify the object for the profile INDEX Specify the index number of CSM profile from 1 to 8 n Set the profile name PROFILE_NAME Specify the name of the profile less than 16 characters p Set the priority defined by the number specified in VALUE for the profile VALUE Number 0 to 3 represent di...

Page 615: ... D De es sc cr ri ip pt ti io on n Parameter Description INDEX Specify the index number of CSM profile from 1 to 8 v View the protocol configuration of the CSM profile e Enable the function of URL Access Control d Disable the function of URL Access Control a Set the action of specific application P or B B Block The web access meets the URL Access Control will be blocked P Pass The web access meets...

Page 616: ...Access Control Action pass v Prevent web access from IP address No Obj NO Object Name No Grp NO Group Name csm ucf obj 1 uac a B Profile Index 1 Profile Name game Log none Priority Select Bundle Pass Enable URL Access Control Action block v Prevent web access from IP address No Obj NO Object Name No Grp NO Group Name ...

Page 617: ...figuration of the CSM profile e Enable the restriction of web feature d Disable the restriction of web feature a Set the action of web feature P or B B Block The web access meets the web feature will be blocked P Pass The web access meets the web feature will be passed s Enable the the Web Feature configuration Features available for configuration are c Cookie p Proxy u Upload u Cancel the web fea...

Page 618: ... S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show Display the web content filter profiles Look Display the license information of WCF Cache Set the cache level for the profile Server WCF_SERVER Set web content filter server Msg MSG Set the administration message MSG means the content less than 255 characters of the message itself setdefault Return to default settings...

Page 619: ...gal Drug Nudity Pornography Sexually Explicit Weapons Violence School Cheating Sex Education Tasteless Child Abuse Imges Entertainment Games Sports Travel Leisure Recreation Fashin Beauty Business Job Search Web based Emai Chat Instant Messaging Anonymizers Forums Newsgroups Computers Technology Download Sites Streaming Media Downloads Phishing Fraud Search Engines Portals Social Networking Spam S...

Page 620: ... Weapons v School Cheating v Sex Education v Tasteless v Child Abuse Images leisure Group Entertainment Games Sports Travel Leisure Recreation Fashion Beauty T Te el ln ne et t C Co om mm ma an nd d c cs sm m d dn ns sf f It means to configure the settings regarding to DNS filter S Sy yn nt ta ax x csm dnsf enable ON OFF csm dnsf syslog N P B A csm dnsf wcf IDNEX csm dnsf ucf IDNEX csm dnsf cachet...

Page 621: ... 1 to 8 Cachetime CACHE_TIME CACHE_TIME It means to set the time for cache to live available values are 1 to 24 1 is one hour 2 is two hours and so on for DNS filter blockpage DNS sends block page for redirect port When a web page is blocked by DNS filter the router system will send a message page to describe that the page is not allowed to be visisted ON Enable the function of displaying message ...

Page 622: ...ion Update in minutes Type the value as DDNS time The range is from 1 to 14400 E Ex xa am mp pl le e ddns time ddns time update in minutes Valid 1 14400 Now 14400 ddns time 1000 ddns time update in minutes Valid 1 14400 Now 1000 T Te el ln ne et t C Co om mm ma an nd d d do os s This command allows users to configure the settings for DoS defense system S Sy yn nt ta ax x dos V D A dos s ATTACK_F T...

Page 623: ... is Activated dos s synflood 50 10 Synflood is enabled Threshold 50 pke sec timeout 10 pke sec T Te el ln ne et t C Co om mm ma an nd d e ex xi it t Type this command will leave telnet window T Te el ln ne et t C Co om mm ma an nd d I In nt te er rn ne et t This command allows you to configure detailed settings for WAN connection S Sy yn nt ta ax x internet W n M n command parameter S Sy yn nt ta ...

Page 624: ...eway IP for such WAN connection s server ip Set PPTP L2TP Server IP server ip ppp qqq rrr sss PPTP L2TP server IP A idx Set to Always On mode and idx as backup WAN B mode Set to Backup mode mode 0 When any WAN disconnect 1 When all WAN disconnect V View Internet Access profile C sim pin code Set PPP mode SIM PIN code max 15 characters O init string Set PPP mode Modem Initial String max 47 characte...

Page 625: ...ut set to always on WAN1 Gateway IP set to 0 0 0 0 internet V WAN1 Internet Mode PPPoE ISP Name tcom Username username Authentication PAP CHAP Idle Timeout 1 WAN IP Dynamic IP internet W 1 M 1 u link1 p link1 a 0 You are going to watching and setting in WAN 1 WAN1 Internet Mode set to PPPoE PPPoA WAN1 Username set to link1 WAN1 Password set successful WAN1 PPP Authentication Type set to PAP CHAP T...

Page 626: ...p addr public subnet IP address Now 192 168 0 1 ip pubaddr 192 168 2 5 Set public subnet IP address done T Te el ln ne et t C Co om mm ma an nd d i ip p p pu ub bm ma as sk k This command allows users to set the mask for IP routed subnet of your router S Sy yn nt ta ax x ip pubmask ip pubmask public subnet mask S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Display an I...

Page 627: ...ded in index 3 When you type ip aux the current auxiliary WAN IP Address table will be shown as the following Index no Status IP address IP pool 1 Enable 172 16 3 229 Yes 2 Enable 172 16 3 56 No 3 Enable 172 16 3 113 No T Te el ln ne et t C Co om mm ma an nd d i ip p a ad dd dr r This command allows users to set add a specified LAN IP your router S Sy yn nt ta ax x ip addr IP address S Sy yn nt ta...

Page 628: ... arp add allows users to add a new IP address into the ARP table arp del allows users to remove an IP address arp flush allows users to clear arp cache arp status allows users to review current status for the arp table arp accept allows to accept or reject the source destination MAC address arp setCacheLife allows users to configure the duration in which ARP caches can be stored on the system If i...

Page 629: ...on number x option value ip dhcpc option e 1 or 0 w wan unmber c option number a option value ip dhcpc option u idx unmber ip dhcpc release wan number ip dhcpc renew wan number ip dhcpc status S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description option It is an optional setting for DHCP server h display usage l list all custom set DHCP options d delete custom dhcp client opti...

Page 630: ...arameter Description IP address It means the WAN IP address WAN1 WAN2 It means the WAN interface that the above IP address passes through E Ex xa am mp pl le e ip ping 172 16 3 229 WAN1 Pinging 172 16 3 229 with 64 bytes of Data Receive reply from 172 16 3 229 time 0ms Receive reply from 172 16 3 229 time 0ms Receive reply from 172 16 3 229 time 0ms Packets Sent 5 Received 5 Lost 0 0 loss T Te el ...

Page 631: ...on IP address Type the WAN or LAN IP address of the remote device Port Type a port number e g 23 Available settings 0 65535 E Ex xa am mp pl le e ip telnet 172 17 3 252 23 T Te el ln ne et t C Co om mm ma an nd d i ip p r ri ip p This command allows users to set the RIP routing information protocol of IP S Sy yn nt ta ax x ip rip 0 1 2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter...

Page 632: ...isable 1 enable Now status WAN 1 Rip Protocol disable WAN 2 Rip Protocol disable WAN 3 Rip Protocol disable WAN 4 Rip Protocol disable WAN 5 Rip Protocol disable ip wanrip 5 e 1 ip wanrip Valid ex ip wanrip ifno e 0 1 ifno 1 WAN1 2 WAN2 3 PVC3 4 PVC4 5 PVC5 e 0 1 0 disable 1 enable Now status WAN 1 Rip Protocol disable WAN 2 Rip Protocol disable WAN 3 Rip Protocol disable WAN 4 Rip Protocol disabl...

Page 633: ...off as current default route clean Clean all of the route settings 1 Enable the function 0 Disable the function E Ex xa am mp pl le e ip route add 172 16 2 0 255 255 255 0 172 16 2 4 3 static ip route status Codes C connected S static R RIP default private C 192 168 9 0 255 255 255 0 is directly connected DMZ C 192 168 1 0 255 255 255 0 is directly connected LAN1 S 172 16 2 0 255 255 255 0 via 172...

Page 634: ...sn no oo op p This command is used to enable disable igmp snoop server S Sy yn nt ta ax x ip igmp_snoop enable ip igmp_snoop disable ip igmp_snoop status ip igmp_snoop txquery on off v2 v3 ip igmp_snoop chkleave on off ip igmp_snoop separate on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description enable It means to enable proxy server disable It means to disable proxy ser...

Page 635: ...Vigor2952 Series User s Guide 623 ...

Page 636: ...x ip dmzswitch off ip dmzswitch private ip dmaswitch active_trueip S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description off Disable the function of DMZ host private Enable private IP address of the DMZ host Active_trueip Enable active true IP address of the DMZ host E Ex xa am mp pl le e ip dmzswitch ip dmzswitch off private active_trueip DMZ is OFF ip dmzswitch private ip dm...

Page 637: ...ion limit settings in the IP range timer num Set when the IP session block works The unit is second block unblock IP Block unblock the specified IP address Block The IP cannot access Internet through the router Unblock The specified IP can access Internet through the router add Add the session limits in an IP range del Delete the session limits in an IP range IP1 IP2 It means the range of IP addre...

Page 638: ...s status Display the current settings show Display all the bandwidth limits settings within the IP range add Add the bandwidth within the IP range del Delete the bandwidth within the IP range IP1 IP2 It means the range of IP address specified for this command tx Set transmission rate for bandwidth limit rx Set receiving rate for bandwidth limit shared It means that the bandwidth will be shared for...

Page 639: ...ose IP address in IP bindmac policy table can access into network show Display the IP address and MAC address of the pair of binded one add Add one IP bindmac del Delete one IP bindmac IP Type the IP address for binding with specified MAC address MAC Type the MAC address for binding with the IP address specified Comment Type words as a brief description All Delete all the IP bindmac settings E Ex ...

Page 640: ... in several commands in one line General Setup for Policy Route i value Specify an index number for setting policy route profile Value 1 to 60 1 means to get a free policy index automatically e 0 1 0 Disable the selected policy route profile 1 Enable the selected policy route profile o value Determine the operation of the policy route Value add Create a new policy rotue profile del Remove an exist...

Page 641: ...policy route profile Value Type a number 0 250 The default value is 150 I value Indicate the interface specified for the policy route profile Value Available interfaces include LAN1 LAN8 IP_Routed_Subnet DMZ_Subnet WAN1 WAN5 VPN_PROFILE_1 VPN_PROFILE_100 WAN_1_IP_ALIAS_1 WAN_4_IP_ALIAS_8 g value Indicate the gateway IP address Value The type format shall be xxx xxx xxx xxx e g 192 168 3 1 l value ...

Page 642: ...p pl le e ip policy_rt diagnose s 192 168 1 100 d any p any t ICMP Matched Route Priority No_Match Matched Policy Priority Policy_1 200 Conclusion The packet was dropped because the send to interface of the mat ched policy policy 1 was inactive and there was no failover setting ip policy_rt i 1 o add 1 range s 192 168 1 10 S 192 168 1 20 2 ip_range d 202 211 100 10 D 202 211 100 20 g 202 211 100 1...

Page 643: ...ping T Te el ln ne et t C Co om mm ma an nd d i ip p d dn ns sf fo or rw wa ar rd d This command is used to set LAN DNS profile for conditional DNS forwarding S Sy yn nt ta ax x ip dnsforward command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description command parameter The available commands with parameters are listed below means that you can type in several comman...

Page 644: ...ta ax x D De es sc cr ri ip pt ti io on n Parameter Description s It means to add a static ipv6 address d It means to delete an ipv6 address a It means to show current address es status u It means to show only unicast addresses prefix It means to type the prefix number of IPv6 address prefix length It means to type a fixed value as the length of the prefix LAN WAN1 WAN2 iface It means to specify L...

Page 645: ...rameter related to the request will be displayed 0 the parameter related to the request will not be displayed E Ex xa am mp pl le e ip6 dhcp req_opt WAN2 S 1 ip6 dhcp req_opt WAN2 r 1 ip6 dhcp req_opt WAN2 a Interface WAN2 is set to request following DHCPv6 options sip name T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 d dh hc cp p c cl li ie en nt t This command allows you to use DHCPv6 prot...

Page 646: ... This command allows you to configure DHCPv6 server S Sy yn nt ta ax x ip6 dhcp server command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description server It means the dhcp server settings command parameter The available commands with parameters are listed below means that you can type in several commands in one line a It means to show current DHCPv6 status i pool_m...

Page 647: ... Series User s Guide 635 ip6 dhcp server a Interface LAN has following DHCPv6 server settings DHCPv6 server disabled maximum address of the pool FF02 3 minimum address of the pool FF02 1 1st DNS IPv6 Addr FF02 1 ...

Page 648: ...5 Static n 6 6in4 Static n 7 6rd command parameter The available commands with parameters are listed below means that you can type in several commands in one line For 6rd C n Set 6rd Connection Mode n 0 Auto n 1 Static s server Set 6rd IPv4 Border Relay m n Set 6rd IPv4 address mask length p prefix Set 6rd IPv6 prefix l n Set 6rd IPv6 prefix length For 6in4 s server Set 6in4 Remote Endpoint IPv4 A...

Page 649: ...detection mode 0 NS Detect 1 Ping Detect 2 Always On z value Set Ping Detect TTL value 0 255 x hostname IPv6 address Set Ping Detect Host hostname or IPv6 address I interval Set ipv6 connection interval Interval 1500 60000 unit 10ms b 0 1 Enable DNSv6 based on DHCPv6 0 off 1 on E Ex xa am mp pl le e ip6 internet W 1 M 2 u userid p passwd s broker freenet6 net This setting will take effect after re...

Page 650: ...sk address LAN WAN1 WAN2 Specify an interface for the neighbor E Ex xa am mp pl le e ip6 neigh s 2001 2222 3333 1111 00 50 7F 11 ac 22 WAN2 Neighbour 2001 2222 3333 1111 successfully added ip6 neigh a I F ADDR MAC STATE LAN FF02 1 33 33 00 00 00 01 CONNECTED WAN2 2001 5C0 1400 B 10B8 00 00 00 00 00 00 CONNECTED WAN2 2001 2222 3333 1111 00 00 00 00 00 00 CONNECTED WAN2 2001 2222 6666 1111 00 00 00 ...

Page 651: ...FE80 250 7FFF FE12 300 successfully added T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 r ro ou ut te e This command allows you to S Sy yn nt ta ax x ip6 route s prefix prefix length gateway LAN WAN1 WAN2 iface D ip6 route s prefix prefix length gateway LAN1 LAN2 LAN4 WAN1 WAN2 USB1 USB2 VPN1 VPN32 D ip6 route d prefix prefix length ip6 route a LAN1 LAN2 LAN4 WAN1 WAN2 USB1 USB2 VPN1 VPN32 S ...

Page 652: ...IPv6 address or a host S Sy yn nt ta ax x ip6 ping IPV6 address Host LAN1 LAN2 LAN4 WAN1 WAN2 USB1 USB2 send count data_size 1 1452 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description IPV6 address Host It means to specify the IPv6 address or host for ping LAN1 LAN2 LAN4 WAN1 WAN2 USB1 USB2 It means to specify LAN or WAN interface for such address E Ex xa am mp pl le e ip6 pi...

Page 653: ... 4DE0 1000 A22 1 330 ms 3 2001 4DE0 A 1 330 ms 4 2001 4DE0 1000 34 1 340 ms 5 2001 7F8 1 A501 5169 1 330 ms 6 2001 4860 1 0 4B3 350 ms 7 2001 4860 8 0 2DAF 330 ms 8 2001 4860 2 0 66E 340 ms 9 Request timed out 10 2001 4860 4860 8888 350 ms Trace complete T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 t ts sp pc c This command allows you to display TSPC status S Sy yn nt ta ax x ip6 tspc ifno S...

Page 654: ... time sec for RADVD server Lifetime It means to set the lifetime The lifetime associated with the default router in units of seconds It s used to control the lifetime of the prefix The maximum value corresponds to 18 2 hours A lifetime of 0 indicates that the router is not a default router and should not appear on the default router list Type the number unit second you want h hoplimit Set hop limi...

Page 655: ...t It means to show the setting information of the access list status It means to show the status of IPv6 management add It means to add an IPv6 address which can be used to execute management through Internet index It means the number 1 2 and 3 allowed to be configured for IPv6 management prefix It means to type the IPv6 address which will be used for accessing Internet prefix length It means to t...

Page 656: ...ription WAN1 WAN2 USB1 USB2 It means the connection interface E Ex xa am mp pl le e ip6 online WAN1 WAN1 online status IPv6 WAN1 Disabled Default Gateway Interface DOWN UpTime 0 00 00 IPv6 DNS Server Static IPv6 DNS Server Static IPv6 DNS Server Static Tx packets 0 Tx bytes 0 Rx packets 0 Rx bytes 0 MTU Onlink 1280 Config MTU 0 T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 a ai ic cc cu u Thi...

Page 657: ...state p 0 1 It is used to specify NTP server for IPv6 0 Auto 1 First Query IPv6 NTP Server E Ex xa am mp pl le e ip6 ntp p 1 Set NTP Priority IPv6 First T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 l la an n S Sy yn nt ta ax x ip6 lan l n l w d D m o s parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description h It is used to display the usage of such command l w d ...

Page 658: ...x xa am mp pl le e ip6 lan l 2 w 1 d 2001 4860 4860 8888 o 1 f 0 s 2 Set LAN2 Set primary WAN1 T Te el ln ne et t C Co om mm ma an nd d i ip pf f v vi ie ew w IPF users to view the version of the IP filter to view set the log flag to view the running IP filter rules S Sy yn nt ta ax x ipf view VcdhrtzZ S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description V It means to show th...

Page 659: ...r you can type is 0 to 12 0 means disable l VALUE It means to setup Log Flag e g l 2 Type 0 to disable the log flag Type 1 to display the log of passed packet Type 2 to display the log of blocked packet Type 3 to display the log of non matching packet p VALUE It means to setup actions for packet not matching any rule e g p 1 Type 0 to let all the packets pass Type 1 to block all the packets R v4 v...

Page 660: ...he load balance policy Q VALUE It means to set the QoS class E Ex xa am mp pl le e ipf set c 1 set call filter start from set 1 Setting saved ipf set d 2 set data filter start from set 2 Setting saved ipf set v Call Filter Enable Start Filter Set 1 Data Filter Enable Start Filter Set 2 Log Flag None Actions for packet not matching any rule Pass or Block Pass CodePage ANSI 1252 Latin I Max Sessions...

Page 661: ...IP Address Address Mask It means to configure source IP address including address type start IP address end IP address and address mask u It means user defined Address Type Type the number representing different address type 0 Subnet Address 1 Single Address 2 Any Address 3 Range Address Example Set Subnet Address s u 0 192 168 1 10 255 255 255 0 Set Single Address s u 1 192 168 1 10 Set Any Addre...

Page 662: ...65535 6 Port range of the End Port Number range is 1 65535 F index log flag It means the Filter action you can specify index Available settings contain 0 Pass Immediately 1 Block Immediately 2 Pass if no further match 3 Block if no further match log flag 0 means disable to save and display in Syslog 1 means enable to save and display in Syslog q index log flag It means the classification for QoS i...

Page 663: ...lay in Syslog 1 means enable to save and display in Syslog c 0 20 It means to set code page Different number represents different code page 0 None 1 ANSI 1250 Central Europe 2 ANSI 1251 Cyrillic 3 ANSI 1252 Latin I 4 ANSI 1253 Greek 5 ANSI 1254 Turkish 6 ANSI 1255 Hebrew 7 ANSI 1256 Arabic 8 ANSI 1257 Baltic 9 ANSI 1258 Viet Nam 10 OEM 437 United States 11 OEM 850 Multilingual Latin I 12 OEM 860 P...

Page 664: ...None DNS Filter None Load Balance policy Auto select Log Enable CodePage ANSI 1252 Latin I Window size 65535 Session timeout 1440 DrayTek Banner Enable Strict Security Checking APP Enforcement T Te el ln ne et t C Co om mm ma an nd d i ip pf f f fl lo ow wt tr ra ac ck k This command is used to set and view flowtrack sessions S Sy yn nt ta ax x ipf flowtrack set re ipf flowtrack view fb ipf flowtr...

Page 665: ...0 flag 203 ORIGIN 192 168 1 11 15073 8 8 8 8 53 ifno 0 REPLY 8 8 8 8 53 192 168 1 11 15073 ifno 3 proto 17 age 93025100 2000 flag 203 ORIGIN 192 168 1 11 7247 8 8 8 8 53 ifno 0 REPLY 8 8 8 8 53 192 168 1 11 7247 ifno 3 proto 17 age 93020100 7000 flag 203 End to show the flowtrack sessions state T Te el ln ne et t C Co om mm ma an nd d L Lo og g This command allows users to view log for WAN interfa...

Page 666: ...49 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 Next server IP 0 0 0 0 Relay agent IP 0 0 0 0 25 36 57 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 MORE q Quit Enter New Lines Space Bar Next Page T Te el ln ne et t C Co om mm ma an nd d l ld da ap p u us se er r This command is used to configure the LDAP profile S Sy yn nt ta ax x ldap user INDEX...

Page 667: ...r IP LDAP Server Port 389 T Te el ln ne et t C Co om mm ma an nd d t ta ac ca ac cs sp pl lu us s s se et t This command allows users to configure general settings for TACACS server S Sy yn nt ta ax x tacacspluse set Options Value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description enable 0 1 Disable 0 enable 1 the TACACS server IP VALUE Set the IP address of TACACS server p...

Page 668: ...cret T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t f ft tp pp po or rt t This command allows users to set FTP port for management S Sy yn nt ta ax x mngt ftpport FTP port S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description FTP port It means to type the number for FTP port The default setting is 21 E Ex xa am mp pl le e mngt ftpport 21 Set FTP server port to 21 done T...

Page 669: ...n ng gt t t te el ln ne et tp po or rt t This command allows users to set telnet port for management S Sy yn nt ta ax x mngt telnetport Telnet port S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Telnet port It means to type the number for telnet port The default setting is 23 E Ex xa am mp pl le e mngt telnetport 23 Set Telnet server port to 23 done T Te el ln ne et t C...

Page 670: ...ping off mngt noping viewlog mngt noping clearlog S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on All PING packets will be forwarded from LAN PC to Internet off All PING packets will be blocked from LAN PC to Internet viewlog It means to display a log of ping action including source MAC and source IP clearlog It means to clear the log of ping action E Ex xa am mp pl l...

Page 671: ...of defense worm packet including source MAC and source IP clearlog It means to remove the log of defense worm packet E Ex xa am mp pl le e mngt defenseworm add 21 Add TCP port 21 Block TCP port list 135 137 138 139 445 21 mngt defenseworm del 21 Delete TCP port 21 Block TCP port list 135 137 138 139 445 T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t r rm mt tc cf fg g This command can allow...

Page 672: ... port S Sy yn nt ta ax x mngt lanaccess e 0 1 s value i value mngt lanaccess f mngt lanaccess d mngt lanaccess v mngt lanaccess h S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description e 0 1 It means to enable disable the function 0 disable the function 1 enable the function s value It means to specify service offered Available values include FTP HTTP HTTPS TELNET SSH None All ...

Page 673: ... PING packets from the Internet S Sy yn nt ta ax x mngt echoicmp enable mngt echoicmp disable S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description enable It means to accept the echo ICMP packet disable It means to drop the echo ICMP packet E Ex xa am mp pl le e mngt echoicmp enable Echo ICMP packet enabled T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t a ac cc ce es ss...

Page 674: ...t snmp command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description command parameter The available commands with parameters are listed below means that you can type in several commands in one line e 1 2 1 Enable the SNMP function 2 Disable the SNMP function g Community name It means to set the name for getting community by typing a proper character max 23 character...

Page 675: ...the specified LAN interface Off means turning off the subnet E Ex xa am mp pl le e msubnet switch 2 On LAN2 Subnet On This setting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t a ad dd dr r This command is used to configure IP address for the specified LAN interface S Sy yn nt ta ax x msubnet addr ...

Page 676: ...e el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t s st ta at tu us s This command is used to display current status of subnet S Sy yn nt ta ax x msubnet status 2 3 4 5 6 7 8 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 3 4 5 6 7 8 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 5 LAN5 6 LAN6 7 LAN7 8 LAN8 E Ex xa am mp pl le e msubnet status 2 LAN2 Off 0 0 0 0...

Page 677: ...nfigured for NAT usage Off It means the subnet will be configured for Routing usage E Ex xa am mp pl le e msubnet nat 2 off LAN2 Subnet is for Routing usage Note If you have multiple WAN connections please be reminded to setup a Load Balance policy so that packets from this subnet will be forwarded to the right WAN interface This setting will take effect after rebooting Please use sys reboot comma...

Page 678: ...This setting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t t ta al lk k This command is used to establish a route between two LAN interfaces S Sy yn nt ta ax x msubnet talk 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 On Off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 1 2 3 4 5 6 ...

Page 679: ...e msubnet startip 2 192 168 2 90 Set LAN2 Dhcp Start IP done This setting will take effect after rebooting Please use sys reboot command to reboot the router msubnet startip msubnet startip 2 3 4 Gateway IP Now LAN2 192 168 2 90 LAN3 192 168 3 10 LAN4 192 168 4 10 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t p pp pp pi ip p This command is used to configure a starting IP address ...

Page 680: ...nterface 2 LAN2 3 LAN3 4 LAN4 5 LAN5 6 LAN6 7 LAN7 8 LAN8 count Choose the following number for specifying different node type 1 B node 2 P node 4 M node 8 H node 0 Not specify any type for node E Ex xa am mp pl le e msubnet nodetype msubnet nodetype 2 3 4 count Now LAN2 0 LAN3 0 LAN4 0 count 1 B node 2 P node 4 M node 8 H node msubnet nodetype 2 1 Set LAN2 Dhcp Node Type done msubnet nodetype msu...

Page 681: ... LAN3 0 0 0 0 LAN4 0 0 0 0 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t s se ec cW WI IN NS S This command is used to configure secondary WINS server S Sy yn nt ta ax x msubnet secWINS 2 3 4 5 6 7 8 WINS IP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 3 4 5 6 7 8 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 5 LAN5 6 LAN6 7 LAN7 8 LAN8 WINS IP Type t...

Page 682: ... mp pl le e msubnet tftp msubnet tftp 2 3 4 5 6 7 8 TFTP server name Now LAN2 LAN3 LAN4 LAN5 LAN6 LAN7 LAN8 msubnet tftp 2 publish Set LAN2 TFTP Server Name done msubnet tftp msubnet tftp 2 3 4 5 6 7 8 TFTP server name Now LAN2 publish LAN3 LAN4 LAN5 LAN6 LAN7 LAN8 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t m mt tu u This command allows you to configure MTU value for LAN IP Rou...

Page 683: ...bject ip obj INDEX v object ip obj INDEX n NAME object ip obj INDEX i INTERFACE object ip obj INDEX s INVERT object ip obj INDEX a TYPE START_IP END MASK_IP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description setdefault It means to return to default settings for all profiles INDEX It means the index number of the specified object profile v It means to view the information of...

Page 684: ... marketing Interface Any Address type single Start ip address 192 168 1 45 End Mask ip address 0 0 0 0 Invert Selection 0 T Te el ln ne et t C Co om mm ma an nd d o ob bj je ec ct t i ip p g gr rp p This command is used to integrate several IP objects under an IP group profile S Sy yn nt ta ax x object ip grp setdefault object ip grp INDEX v object ip grp INDEX n NAME object ip grp INDEX i INTERFA...

Page 685: ...ple object ip grp 3 a 1 2 3 4 5 The IP object profiles with index number 1 2 3 4 and 5 will be group under such profile E Ex xa am mp pl le e object ip grp 2 n First IP Group Profile 2 Name First Interface Any Included ip object index 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 object ip grp 2 i 1 object ip grp 2 a 1 2 IP Group Profile 2 Name First Interface Lan Included ip object index 0 1 1 2 2 0 3 0 4 0 5 ...

Page 686: ...Type a name with less than 15 characters Example object ip obj 9 n bruce i INTERFACE It means to define an interface for the IP object INTERFACE 0 means any INTERFACE 1 means LAN INTERFACE 3 means WAN Example object ip obj 8 i 0 s INVERT It means to set invert seletion for the object profile INVERT 0 means disableing the function INVERT 1 means enabling the function Example object ip obj 3 s 1 a T...

Page 687: ...r all profiles INDEX It means the index number of the specified group profile v It means to view the information of the specified group profile Example object ip grp 1 v n NAME It means to define a name for the IP group NAME Type a name with less than 15 characters Example object ip grp 8 n bruce i INTERFACE It means to define an interface for the IP group INTERFACE 0 means any INTERFACE 1 means L...

Page 688: ...pt ti io on n Parameter Description setdefault It means to return to default settings for all profiles INDEX It means the index number of the specified service object profile v It means to view the information of the specified service object profile Example object service obj 1 v n NAME It means to define a name for the IP object NAME Type a name with less than 15 characters Example object service...

Page 689: ...ND_P type a port number to indicate destination port Example object service obj 3 d 1 100 200 E Ex xa am mp pl le e object service obj 1 n limit object service obj 1 p 255 object service obj 1 s 1 120 240 object service obj 1 d 1 200 220 object service obj 1 v Service Object Profile 1 Name limit Protocol 255 Source port check action Source port range 120 240 Destination port check action Destinati...

Page 690: ... object index 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 object service grp 1 a 1 2 Service Group Profile 1 Name Grope_1 Included service object index 0 1 1 2 2 0 3 0 4 0 5 0 6 0 7 0 T Te el ln ne et t C Co om mm ma an nd d o ob bj je ec ct t k kw w This command is used to create keyword profile S Sy yn nt ta ax x object kw obj setdefault object kw obj show PAGE object kw obj INDEX v object kw obj INDEX n NA...

Page 691: ... ln ne et t C Co om mm ma an nd d o ob bj je ec ct t f fe e This command is used to create File Extension Object profile S Sy yn nt ta ax x object fe show object fe setdefault object fe obj INDEX v object fe obj INDEX n NAME object fe obj INDEX e CATEGORY FILE_EXTENSION object fe obj INDEX d CATEGORY FILE_EXTENSION S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show It ...

Page 692: ...olb ole tlb viv vrm ace arj bzip2 bz2 cab gz gzip rar sit zip bas bat com exe inf pif reg scr Example object fe obj 1 e bmp E Ex xa am mp pl le e object fe obj 1 n music object fe obj 1 e Audio object fe obj 1 v Profile Index 1 Profile Name music Image category bmp dib gif jpeg jpg jpg2 jp2 pct pcx pic pict png tif tiff Video category asf avi mov mpe mpeg mpg v mp4 qt rm v wmv 3gp 3gpp 3gpp2 3g2 A...

Page 693: ...Vigor2952 Series User s Guide 681 Executation category bas bat com exe inf pif reg scr ...

Page 694: ...ion AN 10H It means the physical type for the Ethernet connection AN auto negotiate 100F 100M Full Duplex 100H 100M Half Duplex 10F 10M Full Duplex 10H 10M Half Duplex status It means to view the Ethernet port status wanfc It means to set WAN flow control E Ex xa am mp pl le e port 1 100F Set Port 1 Force speed 100 Full duplex OK T Te el ln ne et t C Co om mm ma an nd d p po or rt tm ma ap pt ti i...

Page 695: ...n nd d p pp pa a S Sy yn nt ta ax x ppa command parameter ppa n command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description command parameter The available commands with parameters are listed below means that you can type in several commands in one line m mode Specify a mode 1 auto 2 manual traffic 3 manual qos 4 manual specific hosts 0 disable p proto Specify a pr...

Page 696: ...ccleration is disable ppa v PPA mode is Auto PPA Protocol TCP 1 UDP 0 PPA two way disable PPA time is 10 PPA range is 192 PPA LAN entries 0 PPA WAN entries 0 T Te el ln ne et t C Co om mm ma an nd d p pr rn n This command allows you to view current status interface and driver of USB printer S Sy yn nt ta ax x prn status prn pppoe_stat qos E Ex xa am mp pl le e prn status Interface USB bus 2 0 Prin...

Page 697: ...und bandwidth in kbps Ethernet WAN only The available setting is from 1 to 100000 o bandwidth It means to set outbound bandwidth in kbps Ethernet WAN only The available setting is from 1 to 100000 r index ratio It means to set ratio for class index in u mode It means to enable bandwidth control for UDP 0 disable 1 enable Default is disable p ratio It means to enable bandwidth limit ratio for UDP t...

Page 698: ...ly for example l 172 16 3 9 addr1 addr2 It means Range address Please specify the IP addresses for example l 172 16 3 9 172 16 3 50 addr1 subnet It means the subnet address with start IP address Please type the subnet and the IP address for example l 172 16 3 9 255 255 0 0 0 any It means Any address Simple type l to specify any address for this command r addr Set the remote address addr1 It means ...

Page 699: ...et t C Co om mm ma an nd d q qo os s t ty yp pe e This command allows user to configure protocol type and port number for QoS S Sy yn nt ta ax x qos type a service name e no d no S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description a name It means to add rule e no It means to edit user defined service type no means the index number Available numbers are 1 40 d no It means to ...

Page 700: ...m ma an nd d q qu ui it t This command can exit the telnet command screen T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w l la an n This command displays current status of LAN IP address settings E Ex xa am mp pl le e show lan The LAN settings Status IP Mask DHCP Start IP Pool Gateway V LAN1 192 168 1 1 255 255 255 0 V 192 168 1 10 200 192 168 1 1 V LAN2 192 168 2 1 255 255 255 0 V 192 168 2...

Page 701: ...02 211 100 11 WAN3 DMZ mapping status Index Status WAN3 aux IP Private IP 1 Disable 0 0 0 0 WAN4 DMZ mapping status Index Status WAN4 aux IP Private IP 1 Disable 0 0 0 0 T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w d dn ns s This command displays current status of DNS setting E Ex xa am mp pl le e show dns Domain name server settings LAN1 Primary DNS Not set LAN1 Secondary DNS Not set LAN...

Page 702: ... Total 1 items listed T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w n na at t This command displays current status of NAT E Ex xa am mp pl le e show nat Port Redirection Running Table Index Protocol Public Port Private IP Private Port 1 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 3 0 0 0 0 0 0 0 4 0 0 0 0 0 0 0 5 0 0 0 0 0 0 0 6 0 0 0 0 0 0 0 7 0 0 0 0 0 0 0 8 0 0 0 0 0 0 0 9 0 0 0 0 0 0 0 10 0 0 0 0 0 ...

Page 703: ...e e show pmtime Level0 TCP 86400001 UDP 300001 ICMP 10001 Level1 TCP 600000 UDP 90000 ICMP 7000 Level2 TCP 60000 UDP 30000 ICMP 5000 T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w s se es ss si io on n This command displays current status of current session E Ex xa am mp pl le e show session Maximum Session Number 50000 Maximum Session Usage 0 Current Session Usage 0 Current Session Used in...

Page 704: ...ln ne et t C Co om mm ma an nd d s sh ho ow w s st ta at ti is st ti ic c This command displays statistics for WAN interface S Sy yn nt ta ax x show statistic show statistic reset interface S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description reset It means to reset the transmitted received bytes to Zero interface It means to specify WAN1 WAN5 interface for displaying related...

Page 705: ...t host name Set a name of the host for SMB service set access LAN or LANWAN Allow to access into SMB server by LAN or borth LAN and WAN E Ex xa am mp pl le e smb setting enable SMB service is enabled smb setting set access LAN Allow SMB access from LAN only T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p d dh hc cp p2 2 This command is enable or disable the port setting for the sec...

Page 706: ...XX XX XX all ALL S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description start It means the starting point of the IP address pool for the DHCP server IP address It means to specify an IP address as the starting point in the IP address pool cnt It means the IP count number IP counts It means to specify the number of IP addresses in the pool The maximum is 10 status It means the e...

Page 707: ... le e srv dhcp dns1 168 95 1 1 srv dhcp dns1 DNS IP address Now 168 95 1 1 IP Routed Subnet dns same as NAT Subnet dns T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p d dn ns s2 2 This command allows users to set Secondary IP Address for DNS Server in LAN S Sy yn nt ta ax x srv dhcp dns2 lan1 lan2 lan3 lan4 lan5 lan6 lan7 lan8 DNS IP address S Sy yn nt ta ax x D De es sc cr ri ip p...

Page 708: ...d from ISP E Ex xa am mp pl le e srv dhcp frcdnsmanl on Domain name server now is using manual settings srv dhcp frcdnsmanl off Domain name server now is using auto settings T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p g ga at te ew wa ay y This command allows users to specify gateway address for DHCP server S Sy yn nt ta ax x srv dhcp gateway Gateway IP S Sy yn nt ta ax x D De ...

Page 709: ... o on n This function allows users to turn on DHCP server It needs rebooting router please type sys reboot command to reboot router T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p r re el la ay y This command allows users to set DHCP relay setting S Sy yn nt ta ax x srv dhcp relay servip server ip srv dhcp relay subnet index S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Para...

Page 710: ... general information for the DHCP server such as IP address MAC address leased time host ID and so on E Ex xa am mp pl le e srv dhcp status LAN1 192 168 1 1 255 255 255 0 DHCP server On Default gateway 192 168 1 1 Index IP Address MAC Address Leased Time HOST ID 1 192 168 1 255 00 00 00 00 00 00 BAD IP 2 192 168 1 0 00 00 00 00 00 00 BAD IP 3 192 168 1 1 00 00 00 00 00 00 BAD IP LAN2 192 168 2 1 2...

Page 711: ...se The unit is second E Ex xa am mp pl le e srv dhcp leasetime srv dhcp leasetime Lease Time sec Now 86400 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p n no od de et ty yp pe e This command can set the node type for the DHCP server S Sy yn nt ta ax x srv dhcp nodetype count S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description count It means to specify a typ...

Page 712: ...dhcp primWINS 192 168 1 88 srv dhcp primWINS srv dhcp primWINS WINS IP address srv dhcp primWINS clear Now 192 168 1 88 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p s se ec cW WI IN NS S This command can set the secondary IP address for the DHCP server S Sy yn nt ta ax x srv dhcp secWINS WINS IP address srv dhcp secWINS clear S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n ...

Page 713: ...ns to set the time 5 300 seconds for checking if the IP can be assigned again or not E Ex xa am mp pl le e Vigor srv dhcp expRecycleIP 250 DHCP expired_RecycleIP 250 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p t tf ft tp p This command can set the TFTP server as the DHCP server S Sy yn nt ta ax x srv dhcp tftp TFTP server name S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on ...

Page 714: ... l It means to display all the user defined DHCP options d idx It means to delete the option number by specifying its index number e 1 or 0 It means to enable disable custom option feature 1 enable 0 disable i lan number It means to set LAN number 1 LAN1 a all LAN r routed subnet d dmz s Next Server IP Address It means to specify the IP address for next server c option number It means to set optio...

Page 715: ...veral commands in one line e It means to enable disable such feature 1 enable 0 disable i It means to specify the private IP address of the DMZ host r It means to remove DMZ host setting v It means to display current status E Ex xa am mp pl le e srv nat dmz 1 1 i 192 168 1 96 srv nat dmz v WAN1 DMZ mapping status Index Status WAN1 aux IP Private IP 1 Disable 0 0 0 0 192 168 1 96 T Te el ln ne et t...

Page 716: ...r disable the open port rule profile 0 disable 1 enable c comment It means to type the description less than 23 characters for the defined network service i local ip It means to set the IP address for local computer Local ip Type an IP address in this field w idx It means to specify the public IP 1 WAN1 Default 2 WAN1 Alias 1 and so on p protocol Specify the transport layer protocol Available valu...

Page 717: ...D De es sc cr ri ip pt ti io on n Parameter Description Add idx It means to add a new port redirection table with an index number Available index number is from 1 to 10 serv name It means to type one name as service name proto It means to specify TCP or UDP as the protocol pub port It means to specify which port can be redirected to the specified Private IP and Port of the internal host pri ip It ...

Page 718: ... 8 0 0 0 2 9 0 0 0 2 10 0 0 0 2 11 0 0 0 2 12 0 0 0 2 13 0 0 0 2 14 0 0 0 2 15 0 0 0 2 16 0 0 0 2 17 0 0 0 2 18 0 0 0 2 19 0 0 0 2 20 0 0 0 2 Protocol 0 Disable 6 TCP 17 UDP T Te el ln ne et t C Co om mm ma an nd d s sr rv v n na at t t tr ri ig gg ge er r This command allows users to configure port triggering settings for NAT S Sy yn nt ta ax x srv nat trigger setdefault srv nat trigger view srv ...

Page 719: ...lay the port trigger settings for specified rule E Ex xa am mp pl le e srv nat trigger 1 c after_dinner srv nat trigger 1 e 1 srv nat trigger 1 p 1 srv nat trigger 1 t 2000 srv nat trigger 1 P 2 srv nat trigger 1 i 3000 srv nat trigger 1 v Port Trigger Rule Index 1 Status Enable Comment after_dinner2000 Triggering Protocol TCP Triggering Port 2000 Incoming Protocol UDP Incoming Port 3000 T Te el l...

Page 720: ...t Act R01 TCP 0 0 0 0 80 192 168 1 11 100 Y O01 TCP 0 0 0 0 23 83 192 168 1 100 23 83 Y D01 All 0 0 0 0 192 168 1 96 Y R Port Redirection O Open Ports D DMZ T Te el ln ne et t C Co om mm ma an nd d s sr rv v n na at t c cl lo os se ef ff fp p S Sy yn nt ta ax x srv nat closeffp n command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description n command parameter n mean...

Page 721: ... Description switch idx_no It means the index number of the switch profile option The available commands with parameters are listed below cmd acc traffic on off status tx rx cmd It means to send command to the client acc It means to set the client authentication account and password traffic on off status tx rx It means to turn on off or display the data transmission from the client E Ex xa am mp p...

Page 722: ...x xa am mp pl le e switch on Enable Extrnal Device auto discovery T Te el ln ne et t C Co om mm ma an nd d s sw wi it tc ch h o of ff f This command is used to turn off the auto discovery for external devices E Ex xa am mp pl le e switch off Disable External Device auto discovery T Te el ln ne et t C Co om mm ma an nd d s sw wi it tc ch h l li is st t This command is used to display the connection...

Page 723: ...ss into test mode of Vigor router T Te el ln ne et t C Co om mm ma an nd d s sy ys s a ad dm mi in nu us se er r This command is used to create user account and specify LDAP server The server will authenticate the local user who wants to access into the web user interface of Vigor router S Sy yn nt ta ax x sys adminuser option sys adminuser edit index username password S Sy yn nt ta ax x D De es s...

Page 724: ...ure the Bonjour service S Sy yn nt ta ax x sys bonjour command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description e enable It is used to disable enable bonjour service 0 disable 1 enable h enable It is used to disable enable http web service 0 disable 1 enable t enable It is used to disable enable telnet service 0 disable 1 enable f enable It is used to disable en...

Page 725: ...us Profile version 3 0 0 Status 1 0x491e5e6c sys cfg default T Te el ln ne et t C Co om mm ma an nd d s sy ys s c cm md dl lo og g This command displays the history of the commands that you have typed E Ex xa am mp pl le e sys cmdlog Commands Log The lowest index is the newest 1 sys cmdlog 2 sys cmdlog 3 sys 4 sys cfg status 5 sys cfg T Te el ln ne et t C Co om mm ma an nd d s sy ys s f ft tp pd d...

Page 726: ...e e sys domainname wan1 clever sys domainname wan2 intellegent sys domainname sys domainname wan1 wan2 Domain Name Suffix max 40 characters sys domainname wan1 wan2 clear Now wan1 clever wan2 intelligent T Te el ln ne et t C Co om mm ma an nd d s sy ys s i if fa ac ce e This command displays the current interface connection status UP or Down with IP address MAC address and Netmask for the router E...

Page 727: ... ax x D De es sc cr ri ip pt ti io on n Parameter Description wan1 wan2 It means to specify WAN interface for assigning a name for it ASCII string It means the name for router The maximum character that you can set is 20 E Ex xa am mp pl le e sys name wan1 drayrouter sys name sys name wan1 wan2 ASCII string max 20 characters sys name wan1 wan2 clear Now wan1 drayrouter wan2 Note Such name can be u...

Page 728: ...f auto reboot Off It means to disable the function of auto reboot hours It means to set the time schedule for router reboot For example if you type 2 in this field the router will reboot with an interval of two hours E Ex xa am mp pl le e sys autoreboot on autoreboot is ON sys autoreboot 2 autoreboot is ON autoreboot time is 2 hour s T Te el ln ne et t C Co om mm ma an nd d s sy ys s c co om mm mi...

Page 729: ... Date Time Jan 5 2016 14 15 52 Router Name DrayTek Revision 53829 V381_3220_3821 T Te el ln ne et t C Co om mm ma an nd d s sy ys s q qr ry yb bu uf f This command can display the system memory status and leakage list E Ex xa am mp pl le e sys qrybuf System Memory Status and Leakage List Buf sk_buff 200B used 1647 cached 30 Buf KMC4088 4088B used 0 cached 8 Buf KMC2552 2552B used 1641 cached 42 Bu...

Page 730: ...gorACS S Sy yn nt ta ax x sys tr069 get parm option sys tr069 set parm value sys tr069 getnoti parm sys tr069 setnoti parm value sys tr069 log sys tr069 debug on off sys tr069 save sys tr069 inform event code sys tr069 port port num sys tr069 cert_auth on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description get parm option It means to get parameters for tr 069 option next...

Page 731: ...NumberOfEntries InternetGatewayDevice DeviceInfo InternetGatewayDevice ManagementServer InternetGatewayDevice Time InternetGatewayDevice Layer3Forwarding InternetGatewayDevice LANDevice InternetGatewayDevice WANDevice InternetGatewayDevice Services InternetGatewayDevice X_00507F_InternetAcc InternetGatewayDevice X_00507F_LAN InternetGatewayDevice X_00507F_NAT InternetGatewayDevice X_00507F_Firewal...

Page 732: ... license licera sys license licifno sys license lic_wiz set reg qry sys license dev_chg sys license dev_key S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description licmsg It means to display license message licauth It means the license authentication time setting regser It means the license register server setting licera It means to erase license setting licifno It means license...

Page 733: ...ight saving t 0 1 2 Specify the saving type for daylight setting 0 Default 1 Time range 2 Yearly s year month day hour Set the detailed settings of the starting day for time range type year must be the year after 2013 month 1 12 day 1 31 hour 0 23 e g sys daylightsave s 2014 3 10 12 d year month day hour Set the detailed settings of the ending day for time range type year After 2013 month 1 12 day...

Page 734: ...isplay the TTL limit value in the DNS cache table t 0 n Set the TTL limit value in the DNS cache table 0 No limit N Greater than or equal to 5 c Clear the DNS cache table E Ex xa am mp pl le e sys dnsCacheTbl l DNS Cache Table List sys dnsCacheTbl t 65 Set TTL limit 65 seconds When TTL larger than 65s delete the DNS entry in the router s DNS cache tabl e T Te el ln ne et t C Co om mm ma an nd d s ...

Page 735: ...y yn nt ta ax x sys time server domain sys time inquire sys time show sys time zone index S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description domain Type the domain name of the time server index Different number means different time zone 1 GMT 12 00 Eniwetok Kwajalein 2 GMT 11 00 Midway Island Samoa 3 GMT 10 00 Hawaii 4 GMT 09 00 Alaska 5 GMT 08 00 Pacific Time US Canada 6 G...

Page 736: ...47 GMT 04 30 Kabul 48 GMT 05 00 Ekaterinburg 49 GMT 05 00 Islamabad Karachi Tashkent 50 GMT 05 30 Bombay Calcutta 51 GMT 05 30 Madras New Delhi 52 GMT 06 00 Astana Almaty Dhaka 53 GMT 06 00 Colombo 54 GMT 07 00 Bangkok Hanoi Jakarta 55 GMT 08 00 Beijing Chongqing 56 GMT 08 00 Hong Kong Urumqi 57 GMT 08 00 Singapore 58 GMT 08 00 Taipei 59 GMT 08 00 Perth 60 GMT 09 00 Seoul 61 GMT 09 00 Osaka Sappor...

Page 737: ...tion 0 Disable EAP TLS compatibility 1 Enable EAP TLS compatibility E Ex xa am mp pl le e sys eap_tls set 1 Enable EAP_TLS compatibility T Te el ln ne et t C Co om mm ma an nd d t te es st tm ma ai il l This command is used to display current settings for sending test mail E Ex xa am mp pl le e testmail Send out test mail Mail Alert Disable SMTP_Server 0 0 0 0 Mail to Return Path T Te el ln ne et ...

Page 738: ...eDuration 0 PortMapEnabled 0 0 MORE q Quit Enter New Lines Space Bar Next Page T Te el ln ne et t C Co om mm ma an nd d u up pn np p s se er rv vi ic ce e This command can display the information of the UPnP service UPnP service must be enabled first E Ex xa am mp pl le e upnp on UPNP start upnp service SERVICE TABLE1 serviceType urn schemas microsoft com service OSInfo 1 serviceId urn microsoft c...

Page 739: ...ventKey 1 expireTime 6926 active 1 DeliveryURLs http 192 168 1 113 2869 upnp eventing twtnpnsiun 2 serviceType urn schemas upnp org service WANCommonInterfaceConfig 1 Subscribtion1 sid d9cd47a5 d9c9 4d3d 8043 d03a82f27983 eventKey 1 ToSendEventKey 1 T Te el ln ne et t C Co om mm ma an nd d u up pn np p t tm mp pv vs s This command can display current status of temp Virtual Server of your router E ...

Page 740: ...t WAN interface n 1 WAN1 n 2 WAN2 E Ex xa am mp pl le e upnp wan 1 use wan1 now T Te el ln ne et t C Co om mm ma an nd d u us sb b l li is st t This command is use to display the information about the brand name and model name of the USB modems which are supported by Vigor router E Ex xa am mp pl le e usb list Brand Module Standard Aiko Aiko 83D 3 5G Y BandRich Bandluxe C170 3 5G Y BandRich Bandlu...

Page 741: ...r ri ip pt ti io on n Parameter Description add Add a new user profile Rm Delete an existed user profile enable Enable a user profile disable Disable a user profile list Display all of the user profile index It means the index number of the user profile There are 16 profiles allowed to be configured So the range of such option is 1 16 Username Type a text maximum 11 characters as the username for ...

Page 742: ...face 1 WAN1 2 WAN2 3 WAN3 4 WAN4 l LAN_idx LAN_idx Indicate the LAN interface 1 LAN1 2 LAN2 3 LAN3 4 LAN4 e 0 1 Enable 1 or disable 0 the Vigor Bridge for WAN or and LAN f 0 1 Enable 1 or disable 0 the firewall functions E Ex xa am mp pl le e vigbrg set v 4 w 1 l 1 e 1 WAN1 IPv4 bridge is enable Set subnet LAN1 T Te el ln ne et t C Co om mm ma an nd d v vi ig gb br rg g s st ta at tu us s This com...

Page 743: ...e modem change from ADSL router into bridge modem including index number MAC address Stamp Time PVC VLAN port for Vigor Bridge Function E Ex xa am mp pl le e vigbrg wanstatus Vigor Bridge Running WAN mac table Index MAC Address Stamp Time PVC VLan Port T Te el ln ne et t C Co om mm ma an nd d v vi ig gb br rg g w wl la an ns st ta at tu us s This command can display the existed WLAN connection sta...

Page 744: ...s4 3 V V V T Te el ln ne et t C Co om mm ma an nd d v vl la an n o of ff f This command allows you to disable VLAN function S Sy yn nt ta ax x vlan off E Ex xa am mp pl le e vlan off VLAN is Disable Force subnet LAN2 3 4 to be disabled T Te el ln ne et t C Co om mm ma an nd d v vl la an n o on n This command allows you to enable VLAN function S Sy yn nt ta ax x vlan on E Ex xa am mp pl le e vlan o...

Page 745: ...a an n s st ta at tu us s This command display current status for VLAN S Sy yn nt ta ax x vlan status E Ex xa am mp pl le e vlan status VLAN is Enable VLAN Enable VID Pri p1 p2 p3 p4 s1 s2 s3 s4 subnet 0 OFF 0 0 1 LAN1 1 OFF 0 2 1 LAN1 2 OFF 0 0 1 LAN1 3 OFF 0 0 V V V 1 LAN1 4 OFF 0 0 1 LAN1 5 OFF 0 0 1 LAN1 6 OFF 0 0 1 LAN1 7 OFF 0 0 1 LAN1 Note they are only untag for s1 s2 s3 s4 but they can jo...

Page 746: ...ter Description on It means to enable the promiscuous mode off It means to enable the normal mode status It means to display if submode is normal mode or promiscuous mode E Ex xa am mp pl le e vlan submode status vlan subnet mode normal mode vlan submode on vlan subnet mode modified to promiscuous mode vlan submode status vlan subnet mode promiscuous mode T Te el ln ne et t C Co om mm ma an nd d v...

Page 747: ...De es sc cr ri ip pt ti io on n Parameter Description n It means VLAN channel The ranage is from 0 to 7 vid_no It means the value of VLAN ID Type the value as the VLAN ID number The range is form 0 to 4095 E Ex xa am mp pl le e vlan vid 1 4095 VLAN1 vid 4095 T Te el ln ne et t C Co om mm ma an nd d v vl la an n s sy ys sv vi id d This command is used to modify and show the scope reserved 78 of the...

Page 748: ...ex number of L2L LAN to LAN profile peerid It means the peer identity for aggressive mode localid It means the local identity for aggressive mode main It means to choose proposal for main mode auto index It means to choose default proposals proposal index It means to choose specified proposal aggressive It means the chosen DH group for aggressive mode pfs It means perfect forward secrete on off It...

Page 749: ...IN code with secret pin Type the code for authentication e g 1234 secret Use the 32 digit secret number generated by mOTP in the mobile phone e g e759bb6f0e94c7ab4fe6 E Ex xa am mp pl le e vpn dinset 1 Dial in profile index 1 Profile Name Status Deactive Mobile OTP Disabled Password Idle Timeout 300 sec vpn dinset 1 on set profile active vpn dinset 1 motp on Enable Mobile OTP mode vpn dinset 1 pin...

Page 750: ...is command allows users to setup VPN for different types S Sy yn nt ta ax x Command of PPTP Dial Out vpn setup index name pptp_out ip usr pwd nip nmask Command of IPSec Dial Out vpn setup index name ipsec_out ip key nip nmask Command of L2Tp Dial Out vpn setup index name l2tp_out ip usr pwd nip nmask Command of Dial In vpn setup index name dialin ip usr pwd key nip nmask S Sy yn nt ta ax x D De es...

Page 751: ...k e g vpn setup 1 name1 l2tp_out 1 2 3 4 vigor 1234 192 168 1 0 255 255 255 0 For Dial In index It means the index number of the profile name It means the name of the profile ip It means the IP address allowed to dial in usr pwd It means the user and the password required for the PPTP L2TP connection key It means the value of IPsec Pre Shared Key nip nmask It means the remote network IP and the ma...

Page 752: ...ly nnpkt It means the NetBios Naming Packet on Enable the function to pass the packet off Disable the function to block the packet dir It means the call direction Available settings are b o and i b Both o Dial Out i Dial In idle value It means Always on and Idle Time out Available values include 1 it means always on for dial out 0 it means always on for dial in Other numbers e g idle 200 idle 300 ...

Page 753: ...ith Authentication sch It means Index 1 15 in Schedule Setup sch 1 3 5 7 Set schedule 1 3 5 7 rcallb It means Require Remote to Callback rcallb on off means to enable disable Set Require Remote to Callback ikeid It means IKE Local ID ikeid vigor means Set Local ID vigor For Dial In Settings itype It means Allowed Dial In Type Available settings include itype t means PPTP itype s means IPSec itype ...

Page 754: ... to set RIP Direction as Disable rip t means to set RIP Direction as TX rip r means to set RIP Direction as RX rip b means to set RIP Direction as Both mode It means the option of From first subnet to remote network you have to do mode r means to set Route mode mode n means to set NAT mode droute It means to Change default route to this VPN tunnel Only single WAN supports this droute on off means ...

Page 755: ... vpn list index all vpn list index com vpn list index out vpn list index in vpn list index net S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description all It means to list configuration of the specified profile com It means to list common settings of the specified profile out It means to list dial out settings of the specified profile in It means to list dial in settings of the ...

Page 756: ...meout 300 PING to keep alive off T Te el ln ne et t C Co om mm ma an nd d v vp pn n r re em mo ot te e This command allows users to enable or disable PPTP IPSec L2TP VPN service S Sy yn nt ta ax x vpn remote PPTP IPSec L2TP on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description PPTP IPSec L2TP There are four types to be selected on off on enable VPN remote setting off di...

Page 757: ...r 1 Member 2 vpn trunk lb more_syslog ON OFF vpn trunk lb algorithm name RR vpn trunk lb algorithm name W RR Auto AccordingRatio Member1 Member2 vpn trunk lb algorithm name Fastest vpn trunk bind usage BindIndex vpn trunk bind show LoadBalanceName vpn trunk bind reset_default vpn trunk bind more_syslog ON OFF vpn trunk bind set BindIndex ACT TrunkName Member SrcIp A B DstI p A B DstPort A B Proto ...

Page 758: ...All of the dial out profiles will be taken truns equally lb algorithm name W RR Auto AccordingRatio Member1 Member2 Such command is to configure the algorithm with round robin mode of Load Balance name Specify the name of the VPN trunk W RR It means weighted round robin mod based on speed ratio Auto the speed must be based on Lay2 AccordingRatio the speed must be based on given ratio Member 1 Inid...

Page 759: ...s active n means inactive or delete TrunkName Specify the name of the VPN trunk Member Specify the index number of the LAN to LAN dial out profile to be bound SrcIp A B Specify the source IP range e g 192 168 10 0 192 168 10 255 DstI p A B Specify the destination IP range e g 192 168 1 0 192 168 1 255 DstPort A B Specify the destination port range 1 65535 Proto Specify the protocol 0 any 1 ICMP 2 ...

Page 760: ...inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting set it block data transmission of Netbios Naming Packet inside the tunnel E Ex xa am mp pl le e vpn NetBios set H2l 1 Pass Remote Dial In Profile Index 1 NetBios Block Pass PASS T Te el ln ne et t C Co...

Page 761: ...C Co om mm ma an nd d v vp pn n i ik ke e This command is used to display IKE memory status and leakage list S Sy yn nt ta ax x vpn ike q E Ex xa am mp pl le e vpn ike q IKE Memory Status and Leakage List of free L Buffer 95 minimum 94 leak 1 of free M Buffer 529 minimum 529 leak 3 of free S Buffer 1199 minimum 1198 leak 1 of free Msgid Buffer 1024 minimum 1024 T Te el ln ne et t C Co om mm ma an ...

Page 762: ...ss2nd on vpn pass2nd off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on off on the packets can pass through NAT off the packets cannot pass through NAT E Ex xa am mp pl le e vpn pass2nd on 2nd subnet is allowed to pass VPN tunnel T Te el ln ne et t C Co om mm ma an nd d v vp pn n p pa as ss s2 2n na at t This command allows users to determine if the packets passing t...

Page 763: ...e e wan ppp_mru 1 Now 1492 wan ppp_mru 1 1490 wan ppp_mru 1 Now 1490 wan ppp_mru 1 1492 wan ppp_mru 1 Now 1492 T Te el ln ne et t C Co om mm ma an nd d w wa an n m mt tu u w wa an n m mt tu u2 2 This command allows users to adjust the size of MTU MTU2 for WAN S Sy yn nt ta ax x wan mtu value wan mtu2 value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description value It means th...

Page 764: ...lows you to disable WAN connection E Ex xa am mp pl le e wan disable WAN WAN disabled T Te el ln ne et t C Co om mm ma an nd d w wa an n e en na ab bl le e This command allows you to disable wan connection E Ex xa am mp pl le e wan enable WAN WAN1 enabled T Te el ln ne et t C Co om mm ma an nd d w wa an n f fo or rw wa ar rd d This command allows you to enable or disable the function of WAN forwar...

Page 765: ...X Rate Bps 0 RX Packets 0 RX Rate Bps 0 PVC_WAN5 Offline stall N Mode Up Time 00 00 00 IP GW IP TX Packets 0 TX Rate Bps 0 RX Packets 0 RX Rate Bps 0 T Te el ln ne et t C Co om mm ma an nd d w wa an n d de et te ec ct t This command allows you to Ping a specified IP to detect the WAN connection static IP or PPPoE mode S Sy yn nt ta ax x wan detect wan1 on off always_on wan detect wan1 target ip ad...

Page 766: ...Target 192 168 1 78 TTL 255 WAN2 off WAN3 off WAN4 off WAN5 off T Te el ln ne et t C Co om mm ma an nd d w wa an n l lb b This command allows you to Enable Disable for each WAN to join auto load balance member S Sy yn nt ta ax x wan lb wan1 wan2 on wan lb wan1 wan2 off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description wan1 wan2 It means to specify which WAN will be applied...

Page 767: ...or the specific channel clear It means to turn off clear the port tag tag_no It means to tag a number for the VLAN 1 No need to add tag number 1 4095 Available setting numbers used as tagged number service type It means to specify the service type for VLAN 0 Normal 1 IGMP vlan priority It means to specify the priority for the VALN setting Range is from 0 to 7 px It means LAN port Available setting...

Page 768: ...el 7 uplink ifno 3 T Te el ln ne et t C Co om mm ma an nd d w wa an n v vl la an n This command allows you to tag packets on WAN VLAN with specified number S Sy yn nt ta ax x wan vlan wan adsl tag value wan vlan wan adsl enable disable wan vlan wan adsl pri value wan vlan wan vdsl tag value wan vlan wan vdsl enable disable wan vlan wan vdsl pri value wan vlan stat S Sy yn nt ta ax x D De es sc cr ...

Page 769: ...e is selected WAN budget will be refreshed on 5th day at 10 00 in each month If periodic mode is selected WAN budget will be refreshed every 5 days and 10 hours enable disable enable Enable the function of wan budget disable Disable the function of wan budget thres budget limit MB Specify the maximum value for WAN budget limit Unit MB budget limit Type a number gthres budget limit GB Specify the m...

Page 770: ...ize Set the MTU size base for Discovery base_size Available setting is 1000 1500 d decrease size Set the MTU size to decrease between detections decrease size Available setting is 1 100 c count Set the maximum times of ping failure during a Discovery count Available settings are 1 10 Default value is 3 E Ex xa am mp pl le e wan detect_mtu w 2 i 8 8 8 8 s 1500 d 30 c 10 detecting mtu size 1500 mtu ...

Page 771: ... l 1 2 s ssid It means to specify the WLAN interface SSID1 SSID4 for applying the function m message Redirect to message u url Redirect to url f url Redirect to url and force the user to click on the button to proceed e Enable the profile d Disable the profile i Display the content of the profile c Reset all of the settings x 0 1 2 Change the priority of the profile 0 none 1 wptl 2 usermgt h 0 1 D...

Page 772: ...rmat xx xx xx xx xx xx or xx xx xx xx xx xx or xx xx xx xx xx xx del MAC It means to delete a MAC address entry defined in the access control list mode ssid1 ssid2 ssid3 ssid4 white black It means to set white black list for each SSID wl acl show It means to show access control status wl acl showmode It means to show the mode for each SSID wl acl clean It means to clean all access control setting ...

Page 773: ... means to define the length of the sync field in an 802 11 packet Most modern wireless network uses short preamble with 56 bit sync field instead of long preamble with 128 bit sync field However some original 11b wireless network devices only support long preamble 0 disable to use long preamble 1 enable to use long preamble txburst enable It means to enhance the performance in data transmission ab...

Page 774: ...he unit is kbps isolate ssid_num lan member It means to isolate the wireless connection for LAN and or Member lan It can make the wireless clients stations with remote dial and LAN to LAN users not accessing for each other member It can make the wireless clients stations with the same SSID not accessing for each other E Ex xa am mp pl le e wl config mode 11bgn Current mode is 11bgn Note Please res...

Page 775: ...is function at the same time 0 disable the function 1 enable the function E Ex xa am mp pl le e wl set MKT 2 on New Wlan Setting is SSID MKT Chan 2 Wl is Enable T Te el ln ne et t C Co om mm ma an nd d w wl l a ac ct t This command allows users to activate wireless settings S Sy yn nt ta ax x wl act En S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description En It means to enable...

Page 776: ...PA2 Only 3 means WPA Only E Ex xa am mp pl le e wl wpa 1 T Te el ln ne et t C Co om mm ma an nd d w wl l w wm mm m This command allows users to set WMM for wireless connection It defines the priority levels for four access categories derived from 802 1d prioritization tabs S Sy yn nt ta ax x wl wmm ap QueIdx Aifsn Cwmin Cwmax Txop ACM wl wmm bss QueIdx Aifsn Cwmin Cwmax Txop ACM wl wmm ack Que0_Ac...

Page 777: ... am mp pl le e wl wmm ap 0 3 4 6 0 0 QueIdx 0 APAifsn 3 APCwmin 4 APCwmax 6 APTxop 0 APACM 0 wl wmm enable 1 0 1 0 WMM_SSID0 1 WMM_SSID1 0 WMM_SSID2 1 WMM_SSID3 0 wl wmm show Enable WMM SSID0 1 SSID1 0 SSID2 1 SSID3 0 APSD 0 QueIdx 0 APAifsn 3 APCwmin 4 APCwmax 6 APTxop 0 APACM 0 QueIdx 1 APAifsn 7 APCwmin 4 APCwmax 10 APTxop 0 APACM 0 QueIdx 2 APAifsn 1 APCwmin 3 APCwmax 4 APTxop 94 APACM 0 QueId...

Page 778: ...e is 0 for disabling and 1 for enabling wl ht txpower value The value you can type ranges from 1 6 level wl ht antenna value The value you can type ranges from 0 3 0 2T3R 1 2T2R 2 1T2R 3 1T1R wl ht greenfield value The value you can type is 0 for mixed mode and 1 for green field E Ex xa am mp pl le e wl ht bw value 1 BW 0 Note Please restart wireless after you set new parameters wl restart Wireles...

Page 779: ... digit format e g wl dual wds security disable wl dual wds security wep 12345 wl dual wds security wpa2psk 12345678 ap value It means to enable or disable the AP function Value 1 enable the function 0 disable the function hello value It means to send hello message to remote end peer Value 1 enable the function 0 disable the function status It means to display WDS link status for 2 4GHz connection ...

Page 780: ... nd d w wl l s se et t8 80 02 21 1x x This command allows you to configure the external or internal server used by Vigor router for wireless authentication S Sy yn nt ta ax x wl set8021x t 0 1 wl set8021x v S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description t Specify the type external or internal of wireless authentication server 0 Indicate the external RADIUS server 1 Indi...

Page 781: ...ly PAP 1 is PAP CHAP MS CHAP MS CHAPv2 client add Speicfy a client to be authenticated by RADIUS server by typing required information as follows i address client IPv4 address domain m mask client IPv4 mask p prefix client IPv6 prefix l length client IPv6 prefix length s secret client secret ex radius client add 1 i 192 168 1 1 m 255 255 255 0 s 123 client del Delete related settings for selected ...

Page 782: ...n pass through NAT and wake up the LAN client This command will allow the user to choose whether WoL packets can be passed from the Internet to the LAN network from a specific WAN interface idx ip address mask It means the index number from 1 to 4 These commands will allow the user to configure the LAN clients that the user may wake up from the Internet through the use of the WoL packet ip address...

Page 783: ...gger the alert tool to do authentication r user name all Remove the user record user name type the name of the user profile all all of the user profile settings will be removed s It means to set login service 0 HTTPS 1 HTTP e g s 1 buser user name b ip ip address Block specifies user or IP address user name type the user name that you want to block ip address type the IP address that you want to b...

Page 784: ...iew user profile s w Param It means to specify the data quota unit MB GB e g w MB x Param It means to set external server authentication 0 None 1 LDAP 2 Radius 3 TACACS e g x 2 l Param It means to set log type 0 None 1 Login 2 Event 3 All P Param It means to set pop browser tracking window 0 Disable 1 Enable T Param It means to set Authentication by Telnet 0 Disable 1 Enable H Param It means to se...

Page 785: ...on view It means to display current status of APP QoS enable 0 1 It means to enable or disable the function of APP QoS traceable untraceable The APPs are divided into traceable and untraceable based on their properties v It means to view the content of all traceable APs Use appqos traceable v to display all of the traceable APS with speficed index number Use appqos untraceable v to display all of ...

Page 786: ...0x07f80000 unused 1021 0x07fa0000 unused 1022 0x07fc0000 unused 1023 0x07fe0000 unused T Te el ln ne et t C Co om mm ma an nd d a ap pm m s sh ho ow w c cl le ea ar r d di is sc co ov ve er r q qu ue er ry y The apm command s is use to display remove discover or query the information of VigorAP registered to Vigor2952 S Sy yn nt ta ax x apm show apm clear apm discover apm query S Sy yn nt ta ax x ...

Page 787: ...ed reset It is used to reset to factory settings for WLAN profile summary It is used to list all of the APM profiles with required information show It is used to display specified APM profile apply It is used to apply the selected APM profile onto specified VigorAP from index Type an index number in this field It is the original APM profile to be cloned to other APM profile to index Type an index ...

Page 788: ...le e apm cache show MAC Name Auth T Te el ln ne et t C Co om mm ma an nd d a ap pm m l lb bc cf fg g This command allows to set parameters related to AP management control S Sy yn nt ta ax x apm lbcfg set value apm lbcfg show S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description set It means to set the load balance configuration file for APM Show It shows the configuration val...

Page 789: ... the unit of traffic limit for upload 1 Mbps 0 kbps 10 The tenth number means to determine the unit of traffic limit for download 1 Mbps 0 kbps E Ex xa am mp pl le e apm lbcfg show apm LoadBalance Config 1 Enable LoadBalance 0 2 Enable station limit 0 3 Enable traffic limit 0 4 limit Number 64 5 Upload limit 0 6 Download limit 0 7 Enable disassociation by idle time 0 8 Enable disassociation by Sig...

Page 790: ...tication Key Key Max 31 Characters u 1 0 Enable or disable the function of Update DDNS 1 Enable When a router changes HA status to primary it will update DDNS automatically 0 Disable m interface Specify the management interface Interface LAN1 LAN8 DMZ s It means to get the newest status of other router except the local router y It means sync local config to other router Primary can executes this c...

Page 791: ...c g Show the settings of general setup E Ex xa am mp pl le e ha show g High Availability Disable Redundancy Method Active Standby Group ID 1 Priority ID 10 Preempt Mode Enable Update DDNS Disable Management Interface LAN1 Authentication Key draytek Syslog OFF Index Enable Virtual IP LAN1 0 0 0 0 LAN2 0 0 0 0 LAN3 0 0 0 0 LAN4 0 0 0 0 LAN5 0 0 0 0 LAN6 0 0 0 0 LAN7 0 0 0 0 LAN8 0 0 0 0 DMZ 0 0 0 0 ...

Page 792: ...E Ex xa am mp pl le e ha status m 2 Local Router DrayTek IPv4 192 168 1 1 Status High Availability Disable Redundancy Method Active Standby Group ID 1 Priority ID 10 Preempt Mode Enable Update DDNS Disable Management Interface LAN1 Authentication Key draytek Virtual IP Max 7 Virtual IPs OFF Config Sync Disable Config Sync Interval 0 Day 0 Hour 15 Minute Cached Time 0 s ha status m 0 Local Router D...

Page 793: ...ri LAN WLAN 2 4G 0 LAN2 Off 0 0 P1 P2 P3 P4 P5 P6 none none 1 LAN1 On 20 0 P1 P2 P3 P4 P5 P6 none none 2 LAN1 On 30 0 P1 P2 P3 P4 P5 P6 none none T Te el ln ne et t C Co om mm ma an nd d s sw wm m g ge et t This command is used to get configuration information of VigorSwitch which connecting to Vigor router in LAN Before using such command make sure VigorSwitch has been managed under Vigor router ...

Page 794: ...on show Display recorded external switch MAC address list clear Clear specific index of authentication record table Index range 1 30 E Ex xa am mp pl le e swm auth show SWM Auth Records List Index Model Mac 1 G2261 00507ff0c33c T Te el ln ne et t C Co om mm ma an nd d s sw wm m e ex xt tv vl la an n This command is used to configure port VLAN of VigorSwitch Before using such command make sure you ...

Page 795: ...VigorSwitch S Sy yn nt ta ax x swm disable T Te el ln ne et t C Co om mm ma an nd d s sw wm m g gr ro ou up p This command is used to gather several VigorSwitch devices as a group S Sy yn nt ta ax x swm group set IDX NAME 1 PASSWD swm group set IDX NAME 0 swm group show swm group add IDX MAC swm group delete IDX MAC S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description IDX Typ...

Page 796: ...router by typing the MAC address delete Remove the specified switch from Vigor router by typing the MAC address show Display all the switch devices managed under Vigor router Enable_all Enable all of the switch devices Disable_all Disable all of the switch devices MAC Type the MAC address of the VigorSwitch E Ex xa am mp pl le e swm profile show Name IP Address MAC Model Group P2261 192 168 1 226 ...

Page 797: ...the switches status MAC PORT FLAG SCHED1 SCHED2 DESCRIPTION Modify the port description for specific switch E Ex xa am mp pl le e swm detail show Idx Name MAC Comment Config Status 1 P2261 00507ff0c33c justfortest 1 None Connect T Te el ln ne et t C Co om mm ma an nd d s sw wm m m ma ai in nt ta ai in n This command is used to reboot reset VigorSwitch or display the status of VigorSwitch S Sy yn n...

Page 798: ...cr ri ip pt ti io on n Parameter Description sys MAC Type the MAC address of the VigorSwitch to display the SNMP system information Iftbl MAC port_num Type the MAC address and the port number of the VigorSwitch to display SNMP port interface information E Ex xa am mp pl le e swm snmp sys 00507ff0c33c sysDescr 20 Port 10 100 1000Base T 4 TP 100 1G SFP Combo 2 100 1G SFP Po E L2 Plus Managed Switch ...

Page 799: ... Disabled Syslog 0 1 Enable or disable the poe log recorded in Syslog 0 Disable 1 Enable PORT e 0 1 Enable or disable the power supply for PoE port 0 Disable 1 Enable PORT p 15 30 Set the power limit for PoE port 15 30 the power limit PORT s 1 15 1 15 Set the schedule for PoE port 1 15 The index number of the schedule profile PORT P 1 Apply the power cycle PORT E 0 1 Enable or disable the function...

Page 800: ...ri ip pt ti io on n Parameter Description c Display configuration settings of PoE p Display the Ping check settings of PoE s Display the LAN port status of PoE E Ex xa am mp pl le e poe show c PoE mode Manual Syslog Enable Total Power 60 Watt Port Enable Power Limit Watt Schedule 1 On 15 0 0 2 15 0 0 3 15 0 0 4 15 0 0 Notice If there is any change in config PoE will apply power cycle Warning The p...

Page 801: ...de 789 T Te el ln ne et t C Co om mm ma an nd d p po oe e s se et td de ef fa au ul lt t This command is used to return to default settings for PoE S Sy yn nt ta ax x poe setdefault E Ex xa am mp pl le e poe setdefault setdefault ...

Page 802: ...Vigor2952 Series User s Guide 790 This page is left blank ...

Page 803: ... Android 593 Anonymous 163 Antenna 228 AP Discovery 230 AP Maintenance 473 481 AP Map 473 482 APN Name 39 40 68 70 APP Enforcement Filter 335 APP Enforcement Profile 336 APP QoS 408 APPE Signature Upgrade 338 Applied Interfaces 127 Apply Settings to APs 368 APSD Capable 228 ARP Cache Table 555 ARP Detect 59 61 68 70 ARP Table 121 508 Auth Algorithm 383 Auth Password 383 Authentication 160 Authenti...

Page 804: ...158 517 Details Page 57 Details Page for 3G 4G USB Modem DHCP mode 69 Details Page for 3G 4G USB Modem PPP mode 67 Details Page for IP Routed Subnet 116 Details Page for IPv6 6in4 Static Tunnel 79 Details Page for IPv6 6rd 81 Details Page for IPv6 AICCU 74 Details Page for IPv6 DHCPv6 Client 76 Details Page for IPv6 Offline 71 Details Page for IPv6 PPP 71 Details Page for IPv6 Static IPv6 78 Detai...

Page 805: ...Gateway 35 Gateway IP Address 187 Gateway IPv6 Address 188 General Setup WAN 50 Get Community 382 Google Map 461 GRE over IPsec 264 Group Distinguished Name 164 Group ID 166 175 Group Name 294 Guard Interval 227 GUI Map 23 H Hardware Acceleration 206 Hardware Installation 7 Hide SSID 216 High Availability 173 High Availability Status 568 Home Folder 540 Hop Limt 113 Host Name 37 Hot Standby 174 I ...

Page 806: ...6 Lease Time 110 Limited_bandwidth Ratio 404 Line Speed 52 55 Load Balance 52 53 55 184 488 Load Balance Algorithm 273 Load Balance for AP 473 Load Balance Mode 50 Load Balance Route Policy 189 Local 802 1X 393 426 Local 802 1X General Setup 179 Local Address 405 Local Certificate 242 260 297 Local ID 242 246 256 291 Log Alert 463 Login Name 149 Login Page Greeting 374 421 Login Password 498 Logou...

Page 807: ...ion 26 Physical Members 86 Physical Mode 51 52 Physical Type 52 53 PIN Code 255 290 PinCode 223 Ping Detect 59 61 68 70 Ping Diagnosis 560 Ping Interval 68 70 PING Interval 61 Ping IP 59 61 Ping IP Hostname 81 Ping Retry 68 70 PING to the IP 61 259 PoE 4 129 PoE General Setup 129 PoE Status 131 Policy 424 Polling Interval 455 Port Priority 131 Port Redirection 134 Port Triggering 143 Port based Br...

Page 808: ...ore Firewall 309 RIP 105 RIP Protocol 62 RIP Protocol Control 109 RIPng Protocol 71 76 79 113 Root CA 301 Round Robin 273 Router Advertisement Configuration 113 Router Name 378 384 Routing 184 Routing Table 508 554 RTS Threshold 229 Rule Based 420 Run Once 460 RX rate 563 S Scaling 288 Schedule 130 146 156 217 Schedule Setup 157 Screen Size 288 Secondary DNS 35 128 Secondary IP Address 110 Secret ...

Page 809: ...e 253 Subnet 291 Subnet Address 509 Subnet Mask 35 187 510 Subnet Prefix 74 Support List 503 Switch Group 500 Switch Hierarchy 496 Switch Maintenance 502 Switch Name 495 Switch Profile 497 Switch Status 494 Sync User Profile 179 Syslog Explorer 566 Syslog Type 570 SysLog Mail Alert 378 System Maintenance 364 System Status 365 T TACACS 294 Tag value 52 53 Tagged VLAN 118 TCP IP Network Settings 264...

Page 810: ...g insertion 52 53 VNC 288 VoIP SIP RTP 401 VPN 235 VPN Backup Mechanism 267 VPN Client Wizard 237 VPN Dial Out Through 241 259 VPN Load Balance Mechanism 267 VPN Load Balance Policy 273 VPN Management 462 VPN Server Wizard 244 VPN Trunk Management 267 W Wake on LAN 147 167 Wall Mounted Installation 8 WAN 48 WAN Budget 88 WAN Budget Status 90 WAN Connection Detection 59 61 68 70 WAN Failure 52 53 5...

Page 811: ...Vigor2952 Series User s Guide 799 WLAN 210 WLAN ACL 476 WLAN Advanced Setting 227 WLAN Isolation 211 WLAN Profile 476 WMM Capable 228 WPA 211 219 WPS 221 ...

Reviews: