Vigor2950  

Security VPN Router

 

User’s Guide

Version: 3.0

Date: 2007/11/23 

 

Copyright 2007 All rights reserved.   

This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders. The scope of delivery and other details are subject to change without prior notice.

Microsoft is a registered trademark of Microsoft Corp. 

Windows, Windows 95, 98, Me, NT, 2000, XP and Explorer are trademarks of Microsoft Corp. 

Apple and Mac OS are registered trademarks of Apple Computer Inc. 

Other products may be trademarks or registered trademarks of their respective manufacturers.

 

Contents of Vigor 2950


Page 2: ...s on conservation of the environment. Warranty: We warrant to the original end user (purchaser) that the router will be free from any defects in workmanship or materials for a period of two (2) years from the date of purchase from the dealer. Please keep your purchase receipt in a safe place as it serves as proof of date of purchase. During the warranty period, and upon proof of purchase, should the product...

Page 3: ...e is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:
- Reorient or relocate the receiving antenna.
- Increase the separation between the equi...

Page 4: ... 9; 2.2.1 PPPoE 10; 2.2.2 PPTP 12; 2.2.3 L2TP 13; 2.2.4 Static IP 14; 2.2.5 DHCP 15; 2.3 Online Status (recapture: Vivian) 16; 2.4 Saving Configuration 18; 3 Advanced Web Configuration 19; 3.1 WAN 19; 3.1.1 Basics of Internet Protocol (IP) Network 19; 3.1.2 General Setup 20; 3.1.3 Internet Access 22; 3.1.4 Load Balance Policy 28; 3.2 LAN 31; 3.2.1 Basics of LAN 31; 3.2.2 General Setup 33; 3.2.3 Static Route 35; 3.2.4 Bind IP to ...

Page 5: ...General Setup 87; 3.8.4 IPSec Peer Identity 88; 3.8.5 Remote Dial-in User 90; 3.8.6 LAN to LAN 93; 3.8.7 VPN TRUNK Management 102; 3.8.8 Connection Management 113; 3.9 Certificate Management 115; 3.9.1 Local Certificate 115; 3.9.2 Trusted CA Certificate 117; 3.9.3 Certificate Backup 118; 3.10 ISDN 118; 3.10.1 Basic Concept 118; 3.10.2 General Settings 119; 3.10.3 Dial to Single/Dual ISPs 120; 3.10.4 Virtual TA ...

Page 6: ...amples 165; 4.1 Create a LAN-to-LAN Connection Between Remote Office and Headquarter 165; 4.2 Create a Remote Dial-in User Connection Between the Teleworker and Headquarter 172; 4.3 QoS Setting Example 176; 4.4 LAN Created by Using NAT 178; 4.5 Upgrade Firmware for Your Router 180; 4.6 Request a certificate from a CA server on Windows CA Server 183; 4.7 Request a CA Certificate and Set as Trusted on Wind...

Page 7: ...s are defined as the following: Save and apply current settings. Cancel current settings and recover to the previous saved settings. Clear all the selections and parameters settings, including selection from drop-down list. All the values must be reset with factory default settings. Add new settings for specified item. Edit the settings for the selected item. Delete the selected item with the correspondin...

Page 8: ...ing: The data is transmitting. On: The port is connected with 100Mbps. Off: The port is disconnected. 100 (left LED) Blinking: The data is transmitting. On: The port is connected with 1000Mbps. Off: The port is disconnected. LAN Monitor LAN 1000 (right LED) Blinking: The data is transmitting. Interface, Description. RST (Factory Reset): Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the ...

Page 9: ... with 100Mbps. Off: The port is disconnected. WAN 100 (right LED) Blinking: The data is transmitting. On: The port is connected with 100Mbps. Off: The port is disconnected. 100 (left LED) Blinking: The data is transmitting. On: The port is connected with 1000Mbps. Off: The port is disconnected. LAN Monitor LAN 1000 (right LED) Blinking: The data is transmitting. Interface, Description. RST (Factory Reset): Restore the defaul...

Page 10: ...AN 100 (right LED) Blinking: The data is transmitting. On: The port is connected with 100Mbps. Off: The port is disconnected. 100 (left LED) Blinking: The data is transmitting. On: The port is connected with 1000Mbps. Off: The port is disconnected. LAN Monitor LAN 1000 (right LED) Blinking: The data is transmitting. Interface, Description. RST (Factory Reset): Restore the default settings. Usage: Turn on the router (ACT LED ...

Page 11: ... The port is connected with 100Mbps. Off: The port is disconnected. WAN 100 (right LED) Blinking: The data is transmitting. On: The port is connected with 100Mbps. Off: The port is disconnected. 100 (left LED) Blinking: The data is transmitting. On: The port is connected with 1000Mbps. Off: The port is disconnected. LAN Monitor LAN 1000 (right LED) Blinking: The data is transmitting. Interface, Description. RST (Factory Re...

Page 12: ...onnect one end of an Ethernet cable (RJ-45) to one of the LAN ports of the router and the other end of the cable (RJ-45) into the Ethernet port on your computer (that device also can connect to other computers to form a small area network). The LAN LED (Left or Right) will light up according to the network card feature (1000 or 100) of the device it is connected to. 5. Connect a cable Modem/DSL Modem/Media Conv...

Page 13: ...password for this device, you have to access the web browser with the default password first. 1. Make sure your computer connects to the router correctly. Notice: You may either simply set up your computer to get IP dynamically from the router or set up the IP address of the computer to be in the same subnet as the default IP address of Vigor router 192.168.1.1. For the detailed information, please refer to...

Page 14: ...er the login password (the default is blank) on the field of Old Password. Type a new one in the field of New Password and retype it on the field of Retype New Password. Then click OK to continue. 6. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router ...

Page 15: ...is entering login password. After typing the password, please click Next. On the next page as shown below, please select the WAN interface that you use. Choose Auto negotiation as the physical type for your router. Then click Next for next step. On the next page as shown below, please select the appropriate Internet access type according to the information from your ISP. For example, you should select PPPoE...

Page 16: ...onnects users through an Ethernet to the Internet with a common broadband medium, such as a single DSL line, wireless device or cable modem. All the users over the Ethernet can share a common connection. PPPoE is used for most of DSL modem users. All local users can share one PPPoE connection for accessing the Internet. Your service provider will provide you information about user name, password, and auth...

Page 17: ...valid password provided by the ISP. Confirm Password: Retype the password to confirm it. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK will appear. Then, the system status of this protocol will be shown ...

Page 18: ...lick PPTP as the protocol. Type in all the information that your ISP provides for this protocol. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK will appear. Then, the system status of this protocol will be shown ...

Page 19: ...s User’s Guide 13. 2.2.3 L2TP: Click L2TP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page ...

Page 20: ... IP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK will appear. Then, the system status of this protocol will be shown ...

Page 21: ...e protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK will appear. Then, the system status of this protocol will be shown ...

Page 22: ...atus, WAN status, ADSL Information, and other status related to this router within one page. If you select PPPoE/PPTP as the protocol, you will find out a link of Dial PPPoE/PPPoA or Drop PPPoE/PPPoA in the Online Status web page. Online status for PPPoE. Online status for PPTP (for WAN2). Online status for Static IP (for WAN1) ...

Page 23: ...isplays the IP address of the WAN interface. GW IP: Displays the IP address of the default gateway. TX Packets: Displays the total transmitted packets at the WAN interface. TX Rate: Displays the speed of transmitted octets at the WAN interface. RX Packets: Displays the total number of received packets at the WAN interface. RX Rate: Displays the speed of received octets at the WAN interface. ISDN Status Chann...

Page 24: ... words in red mean that the WAN connection of that interface (WAN1/WAN2) is not ready for accessing Internet. 2.4 Saving Configuration: Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Ready indicates the system is ready for you to input settings. Settings Saved means your settings...

Page 25: ...255.255. From 192.168.0.0 to 192.168.255.255. What are Public IP Address and Private IP Address: As the router plays a role to manage and further protect its LAN, it interconnects groups of host PCs. Each of them has a private IP address assigned by the built-in DHCP server of the Vigor router. The router itself will also ...

Page 26: ...ecommunication service (such as DSL, Cable modem, etc.). If any connection problem occurred on one of the ISP connections, all the traffic will be guided and switched to the normal communication port for proper operation. Please configure WAN1 and WAN2 settings. This webpage allows you to set general setup for WAN1 and WAN2 respectively. Note: In default, WAN1 and WAN2 are enabled. Enable: Choose Yes to invoke t...

Page 27: ...PPPoE and PPTP access modes in the Details Page of WAN Internet Access. In addition, there are three selections for you to choose for different purposes. WAN2 Fail: It means the connection for WAN1 will be activated when WAN2 is failed. WAN2 Upload speed exceed XX kbps: It means the connection for WAN1 will be activated when WAN2 Upload speed exceed certain value that you set in this box for 15 seconds ...

Page 28: ... Internet. WAN2 is the optional WAN interface for accessing into the Internet when WAN 1 is inactive for some reason. Display Name: It shows the name of the WAN1/WAN2 that entered in general setup. Physical Mode: It shows the physical port for WAN1/WAN2. Access Mode: Use the drop-down list to choose a proper access mode. The details page of that mode will be popped up. If not, click Details Page for accessi...

Page 29: ... 15 in Schedule Setup: You can type in four sets of time schedule for your request. All the schedules can be set previously in Application Schedule web page and you can use the number that you have set in that web page. ISDN Dial Backup Setup: This setting is available for the routers supporting ISDN function only. Before utilizing the ISDN dial backup feature, you must create a dial backup profile firs...

Page 30: ...them on the WAN interface, please use WAN IP Alias. You can set up to 8 public IP addresses other than the current one you are using. Fixed IP: Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address. Default MAC Address: You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC Address for the router. Specify a MAC Address: Type the ...

Page 31: ...on Packet Trigger: The backup line is not on until a packet from a local host triggers the router to establish a connection. This setting is available for i model only. Keep WAN Connection: Normally, this function is designed for Dynamic IP environments because some ISPs will drop connections if there is no traffic within certain periods of time. Check Enable PING to keep alive box to activate this func...

Page 32: ...ss automatically: Click this button to obtain the IP address automatically if you want to use Dynamic IP mode. Router Name: Type in the router name provided by ISP. Domain Name: Type in the domain name that you have assigned. Specify an IP address: Click this radio button to specify some data if you want to use Static IP mode. IP Address: Type the IP address. Subnet Mask: Type the subnet mask. Gateway IP Addr...

Page 33: ... Access Setup. Username: Type in the username provided by ISP in this field. Password: Type in the password provided by ISP in this field. Index (1-15) in Schedule Setup: You can type in four sets of time schedule for your request. All the schedules can be set previously in Application Schedule web page and you can use the number that you have set in that web page. ISDN Dial Backup Setup: This setting is ava...

Page 34: ...ic IP addresses and would like to utilize them on the WAN interface, please use WAN IP Alias. You can set up to 8 public IP addresses other than the current one you are using. Notice that this setting is available for WAN1 only. Default MAC Address: Click this radio button to use default MAC address for the router. Specify a MAC Address: Some Cable service providers specify a specific MAC address for acc...

Page 35: ...nto the load balance policy configuration web page. Enable: Check this box to enable this policy. Protocol: Use the drop-down menu to change the protocol for the WAN interface. WAN: Use the drop-down menu to change the WAN interface. Src IP Start: Displays the IP address for the start of the source IP. Src IP End: Displays the IP address for the end of the source IP. Dest IP Start: Displays the IP address for...

Page 36: ...blank, it means that all the source IPs inside the LAN will be passed through the WAN interface. Dest IP Start: Type the destination IP start for the specified WAN interface. Dest IP End: Type the destination IP end for the specified WAN interface. If this field is blank, it means that all the destination IPs will be passed through the WAN interface. Dest Port Start: Type the destination port start for the...

Page 37: ...T does is to translate the packets from public IP address to private IP address to forward the right packets to the right host and vice versa. Besides, Vigor router has a built-in DHCP server that assigns private IP address to each local host. See the following diagram for a brief understanding. In some special case, you may have a public IP subnet from your ISP such as 220.135.240.0/24. This means th...

Page 38: ...Static Route: When you have several subnets in your LAN, sometimes a more effective and quicker way for connection is the Static routes function rather than other method. You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP. What are Virtual LANs and Rate Con ...

Page 39: ...ult: 192.168.1.1. 1st Subnet Mask: Type in an address code that determines the size of the network. Default: 255.255.255.0/24. For IP Routing Usage: Click Enable to invoke this function. The default setting is Disable. 2nd IP Address: Type in secondary IP address for connecting to a subnet. Default: 192.168.2.1/24. 2nd Subnet Mask: An address code that determines the size of the network. Default: 255.255.255.0/24 ...

Page 40: ... RIP information of the 2nd subnet with neighboring routers. DHCP Server Configuration: DHCP stands for Dynamic Host Configuration Protocol. The router by factory default acts as a DHCP server for your network, so it automatically dispatches related IP settings to any local user configured as a DHCP client. It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP...

Page 41: ...cally apply default DNS Server IP address 194.109.6.66 to this field. Secondary IP Address: You can specify secondary DNS server IP address here because your ISP often provides you more than one DNS Server. If your ISP does not provide it, the router will automatically apply default secondary DNS Server IP address 194.98.0.1 to this field. The default DNS Server IP address can be found via Online Status...

Page 42: ...o that user A and B locating in different subnet can talk to each other via the router. Assuming the Internet access has been configured and the router works properly:
- use the Main Router to surf the Internet
- create a private subnet 192.168.10.0 using an internal Router A (192.168.1.2)
- create a public subnet 211.100.88.0 via an internal Router B (192.168.1.3)
- have set Main Router 192.168.1.1 as ...

Page 43: ...and continuously exchange of IP routing information with different subnets. 2. Click the LAN Static Route and click on the Index Number 1. Check the Enable box. Please add a static route as shown below, which regulates all packets destined to 192.168.10.0 will be forwarded to 192.168.1.2. Click OK. 3. Return to Static Route Setup page. Click on another Index Number to add another static route as shown below...

Page 44: ...disable this function. All the settings on this page will be invalid. Strict Bind: Click this radio button to block the connection of the IP/MAC which is not listed in IP Bind List. ARP Table: This table is the LAN ARP table of this router. The information for IP and MAC will be displayed in this field. Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by click...

Page 45: ...address of the router, select the available public port, and then forward it. At the same time, the router shall list an entry in a table to memorize this address/port mapping relationship. When the public server responds, the incoming traffic, of course, is destined to the router’s public IP address and the router will do the inversion based on its table. Therefore, the internal host can communicate with e...

Page 46: ...zed by all users. Since the server is actually located inside the LAN, the network well protected by NAT of the router, and identified by its private IP address/port, the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping private IP address/port of the server. The port redirection can only apply to incoming traffic. To use this fu...

Page 47: ...as the starting point and the fourth digits in the second box as the end point. Private Port: Specify the private port number of the service offered by the internal host. Active: Check this box to activate the port mapping entry you have defined. Note that the router has its own built-in services (servers) such as Telnet, HTTP and FTP etc. Since the common port numbers of these services (servers) are all the...

Page 48: ...b surfing and other such Internet activities from other clients will continue to work without inappropriate interruption. DMZ Host allows a defined internal user to be totally exposed to the Internet, which usually helps some special applications such as Netmeeting or Internet Games etc. The inherent security properties of NAT are somewhat bypassed if you set up DMZ host. We suggest you add additio...

Page 49: ...e PC: Click this button and then a window will automatically pop up, as depicted below. The window consists of a list of private IP addresses of all hosts in your LAN network. Select one private IP address in the list to be the DMZ host. When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting ...

Page 50: ... relative number for the particular entry that you want to offer service in a local host. You should click the appropriate index number to edit or clear the corresponding entry. Comment: Specify the name for the defined network service. WAN Interface: Display the WAN interface for the entry. Local IP Address: Display the private IP address of the local host offering the service. Status: Display the state f...

Page 51: ...rt configuration. Local Computer: Enter the private IP address of the local host or click Choose PC to select one. Choose PC: Click this button and, subsequently, a window having a list of private IP addresses of local hosts will automatically pop up. Select the appropriate IP address of the local host in the list. Protocol: Specify the transport layer protocol. It could be TCP, UDP, or none for selection. Sta...

Page 52: ...router to build an unwanted outgoing connection. The most basic security concept is to set user name and password while you install your router. The administrator login will prevent unauthorized access to the router configuration from your router. If you did not set password during installation, you can go to System Maintenance to set up your password. Firewall Facilitie...

Page 53: ...ernet connection. Data Filter is applied to incoming and outgoing traffic. It will check packets according to the filter rules. If legal, the packet will pass the router. The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively. Stateful Packet Inspection (SPI): Stateful inspection i...

Page 54: ...nism to mitigate in a real-time manner. The below shows the attack types that DoS/DDoS defense function can detect:
1. SYN flood attack
2. UDP flood attack
3. ICMP flood attack
4. TCP Flag scan
5. Trace route
6. IP options
7. Unknown protocol
8. Land attack
9. Smurf attack
10. SYN fragment
11. ICMP fragment
12. Tear drop attack
13. Fraggle attack
14. Ping of Death attack
15. TCP/UDP port scan
Content...

Page 55: ...ided into 40 easy-to-understand categories. This database is updated as frequently as daily by a global team of Internet researchers. The server will look up the URL and return a category to your router. Your Vigor router will then decide whether to allow access to this site according to the categories you have selected. Please note that this action will not introduce any delay in your Web surfing becau...

Page 56: ...profile selected here. For detailed information, refer to the section of CSM profile setup. Some on-line games (for example, Half Life) will use lots of fragmented UDP packets to transfer game data. Instinctively, as a secure firewall, Vigor router will reject these fragmented packets to prevent attack unless you enable Accept Incoming Fragmented UDP Packets. By checking this box, you can play these kinds of...

Page 57: ...e Filter Rule index button to enter the Filter Rule setup page. Check to enable the Filter Rule: Check this box to enable the filter rule. Comments: Enter filter set comments/description. Maximum length is 14 characters. Index (1-15): Set PCs on LAN to work at certain time interval only. You may choose up to 4 schedules out of the 15 schedules pre-defined in Applications Schedule setup. The default setti...

Page 58: ...se Group and Objects as the Address Type. From the IP Group drop-down list, choose the one that you want to apply. Or use the IP Object drop-down list to choose the object that you want. Service Type: Click Edit to access into the following dialog to choose a suitable service type. To set the service type manually, please choose User defined as the Service Type and type them in this dialog. In addition, if...

Page 59: ...ule only to packets that are too short to contain a complete header. Filter: Specifies the action to be taken when packets match the rule. Block Immediately: Packets matching the rule will be dropped immediately. Pass Immediately: Packets matching the rule will be passed immediately. Block If No Further Match: A packet matching the rule, and that does not match further rules, will be dropped. Pass If No Furt...

Page 60: ...f two IP filters: call filter or data filter. You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner. Each filter set is composed by 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first ...

Page 61: ...seconds, respectively. Enable UDP flood defense: Check the box to activate the UDP flood defense function. Once detecting the Threshold of the UDP packets from the Internet has exceeded the defined value, the Vigor router will start to randomly discard the subsequent UDP packets for a period defined in Timeout. The default setting for threshold and timeout are 150 packets per second and 10 seconds, respe...

Page 62: ...box to activate the Block fraggle Attack function. Any broadcast UDP packets received from the Internet are blocked. Activating the DoS/DDoS defense functionality might block some legal packets. For example, when you activate the fraggle attack defense, all broadcast UDP packets coming from the Internet are blocked. Therefore, the RIP packets from the Internet might be dropped. Block TCP flag scan: Check th...

Page 63: ...col types greater than 100 are reserved and undefined at this time. Therefore, the router should have ability to detect and reject this kind of packets. Warning Messages: We provide Syslog function for user to retrieve message from Vigor router. The user, as a Syslog Server, shall receive the report sending from Vigor router, which is a Syslog Client. All the warning messages related to DoS defense will be...

Page 64: ...request that tries to retrieve the malicious code. Click Firewall and click URL Content Filter to open the setup page. Enable URL Access Control: Check the box to activate URL Access Control. Black List (block those matching keyword): Click this button to restrict accessing into the corresponding webpage with the keywords listed on the box below. White List (pass those matching keyword): Click this button to...

Page 65: ...mpressed file function to prevent someone from downloading any compressed file. The following list shows the types of compressed files that can be blocked by the Vigor router: .zip, .rar, .arj, .ace, .cab, .sit. Executable file: Check the box to reject any downloading behavior of the executable file from the Internet: .exe, .com, .scr, .pif, .bas, .bat, .inf, .reg. Cookie: Check the box to filter out the cookie transmission from ...

Page 66: ... guide. 3.5 Objects Settings: For IPs in a range and service ports in a limited range usually will be applied in configuring router’s settings, therefore we can define them with objects and bind them with groups for using conveniently. Later, we can select that object/group that can apply it. For example, all the IPs in the same department can be defined with an IP objec...

Page 67: ... Interface: Choose a proper interface (WAN, LAN or Any). For example, the Direction setting in Edit Filter Rule will ask you to specify IP or IP range for WAN or LAN or any IP address. If you choose LAN as the Interface here, and choose LAN as the direction setting in Edit Filter Rule, then all the IP addresses specified with LAN interface will be opened for you to choose in Edit Filter Rule page. Address Type...

Page 68: ... IP Address: Type the end IP address if the Range Address type is selected. Subnet Mask: Type the subnet mask if the Subnet Address type is selected. Invert Select: If it is checked, all the IP addresses except the ones listed above will be applied later while it is chosen. Below is an example of IP objects settings. 3.5.2 IP Group: This page allows you to bind several IP objects into o...

Page 69: ...wed. Interface: Choose WAN, LAN or Any to display all the available IP objects with the specified interface. Available IP Objects: All the available IP objects with the specified interface chosen above will be shown in this box. Selected IP Objects: Click button to add the selected IP objects in this box ...

Page 70: ... detail. Name: Type a name for this profile. Protocol: Specify the protocol(s) which this profile will apply to. Source/Destination Port: Source Port and the Destination Port column are available for TCP/UDP protocol. It can be ignored for other protocols. The filter rule will filter out any port number. When the first and last value are the same, it indicates one port; when the first and last values are diff...

Page 71: ... are available for this service type; the port number greater than this value is available; the port number less than this value is available for this profile. Below is an example of service type objects settings. 3.5.4 Service Type Group: This page allows you to bind several service types into one group. Set to Factory Default: Clear all profiles. Click the number un...

Page 72: ...this box. Selected Service Type Objects: Click button to add the selected IP objects in this box. 3.5.5 CSM Profile: You can define policy profiles for different policy of IM (Instant Messenger)/P2P (Peer to Peer) application. CSM profile can be used in Filter Setup page. Set to Factory Default: Clear all profiles. Click the number under Index column for settings in detail ...

Page 73: ...Management: Below shows the menu items for Bandwidth Management. 3.6.1 Sessions Limit: A PC with private IP address can access to the Internet via NAT router. The router will generate the records of NAT sessions for such connection. The P2P (Peer to Peer) applications (e.g., BitTorrent) always need many sessions for procession and also they will occupy over...

Page 74: ...he end IP address for limit session. Maximum Sessions: Defines the available session number for each host in the specific range of IP addresses. If you do not set the session number in this field, the system will use the default session limit for the specific limitation you set for each index. Add: Adds the specific session limitation onto the list above. Edit: Allows you to edit the settings for the sele...

Page 75: ...ine the default speed of the upstream for each computer in LAN. Default RX limit: Define the default speed of the downstream for each computer in LAN. Limitation List: Display a list of specific limitations that you set on this web page. Start IP: Define the start IP address for limit bandwidth. End IP: Define the end IP address for limit bandwidth. TX limit: Define the limitation for the speed of the upstr...

Page 76: ...ing them for high priority service level enforcement throughout the network.
- Scheduling: Based on classification of service level to assign packets to queues and associated service types.
The basic QoS implementation in Vigor routers is to classify and schedule packets based on the service type information in the IP header. For instance, to ensure the connection with the headquarter, a teleworker may ...

Page 77: ...Setup link to access into next page for the general setup of WAN (1/2) interface. As to class rule, simply click the Edit link to access into next for configuration. You can configure general setup for the WAN interface, edit the Class Rule, and edit the Service Type for the Class Rule for your request. General Setup for WAN Interface: When you click Se...

Page 78: ...alue is 10000kbps. WAN Outbound Bandwidth: It allows you to set the connecting rate of data output for WAN. For example, if your ADSL supports 1M of downstream and 256K upstream, please set 256kbps for this box. The default value is 10000kbps. Reserved Bandwidth Ratio: It is reserved for the group index in the form of ratio of reserved bandwidth to upstream speed and reserved bandwidth to downstream speed...

Page 79: ...he Class Rule for QoS The first three (Class 1 to Class 3) class rules can be adjusted for your necessity. To add, edit or delete the class rule, please click the Edit link of that one. After you click the Edit link, you will see the following page. Now you can define the name for that Class. In this case, Test is used as the name of Class Index 1 ...

Page 80: ...bnet Address, you have to fill in Start IP address and Subnet Mask. DiffServ CodePoint: All the packets of data will be divided with different levels and will be processed according to the level type by the system. Please assign one of the levels of the data for processing with QoS control. Service Type: It determines the service type of the data for processing with QoS control. It can also be edited. You ...

Page 81: ...e for Class Rule To add a new service type, edit or delete an existing service type, please click the Edit link under Service Type field. After you click the Edit link, you will see the following page. For adding a new service type, click Add to open the following page. ...

Page 82: ...If you select Range, you have to type in the starting port number and the ending port number in the boxes below. Port Number: Type in the starting port number and the ending port number here if you choose Range as the type. By the way, you can set up to 40 service types. If you want to edit/delete an existing service type, please select the radio button of that one and click Edit for modification. ...

Page 83: ...ynamic DNS feature, you have to apply for free DDNS service to the DDNS service providers. The router provides up to three accounts from three different DDNS service providers. Basically, Vigor routers are compatible with the DDNS services supplied by most popular DDNS service providers such as www.dyndns.org, www.no-ip.com, www.dtdns.com, www.changeip.com, www.dynamic-nameserver.com. You should visit thei...

Page 84: ... WAN Interface: Select the WAN interface order to apply settings here. Service Provider: Select the service provider for the DDNS account. Service Type: Select a service type (Dynamic, Custom, Static). If you choose Custom, you can modify the domain that is chosen in the Domain Name field. Domain Name: Type in a domain name that you applied previously. Use the drop down list to choose the desired domain. Login ...

Page 85: ... System Maintenance Time and Date menu, press Inquire Time button to set the Vigor router's clock to current time of your PC. The clock will reset once if you power down or reset the router. There is another way to set up time. You can inquire an NTP server (a time server) on the Internet to synchronize the router's clock. This method can only be applied when the WAN connection has been built up. Set to F...

Page 86: ...Dial On Demand: Specify the connection to be up when it has traffic on the line. Once there is no traffic over idle timeout, the connection will be down and never up again during the schedule. Idle Timeout: Specify the duration or period for the schedule. How often: Specify how often the schedule will be applied. Once: The schedule will be applied just once. Weekdays: Specify which days in one week should pe...

Page 87: ...t is the most common method of authenticating and authorizing dial-up and tunneled network users. The built-in RADIUS client feature enables the router to assist the remote dial-in user or a wireless station and the RADIUS server in performing mutual authentication. It enables centralized remote access authentication for network management. Enable: Check to enable RADIUS client feature. Server IP Addre...

Page 88: ...Messenger to allow full use of the voice, video and messaging features. Enable UPNP Service: Accordingly, you can enable either the Connection Control Service or Connection Status Service. After setting Enable UPNP Service setting, an icon of IP Broadband Connection on Router on Windows XP Network Connections will appear. The connection status and control status will be able to be activated. The NAT Trave...

Page 89: ...e, you need to ensure that you have applied the latest service packs and patches. Non-privileged users can control some router functions, including removing and adding port mappings. The UPnP function dynamically adds port mappings on behalf of some UPnP-aware applications. When the applications terminate abnormally, these mappings may not be removed. 3.7.5 Wake on LAN A PC client...

Page 90: ...by IP Address, you have to choose the correct IP address. IP Address: The IP addresses that have been configured in Firewall Bind IP to MAC will be shown in this drop down list. Choose the IP address from the drop down list that you want to wake up. MAC Address: Type any one of the MAC addresses of the bound PCs. Wake Up: Click this button to wake up the selected IP. See the following figure. The result will...

Page 91: ...his feature can be applied for ISDN remote dial-in or ISDN LAN to LAN connection in i series models. 3.8.1 Remote Access Control Enable the necessary VPN service as you need. If you intend to run a VPN server inside your LAN, you should disable the VPN service of Vigor Router to allow VPN tunnel pass through, as well as the appropriate NAT settings such as D...

Page 92: ...se 40 bit to perform encryption prior to using 128 bit for encryption. In other words, if 128 bit MPPE encryption method is not available, then 40 bit encryption scheme will be applied to encrypt the data. Maximum MPPE: This option indicates that the router will use the MPPE encryption scheme with maximum bits (128 bit) to encrypt the data. Mutual Authentication (PAP): The Mutual Authentication function is m...

Page 93: ...packet, e.g., L2TP over IPSec. The Tunnel mode will not only add the AH/ESP payload but also use a new IP header (Tunneled IP header) to encapsulate the whole original IP packet. Authentication Header (AH) provides data authentication and integrity for IP packets passed between VPN peers. This is achieved by a keyed one-way hash function to the packet to create a message digest. This digest will be put in th...

Page 94: ...ction here, you may edit a table of peer certificate for selection. As shown below, the router provides 200 entries of digital certificates for peer dial-in users. Set to Factory Default: Click it to clear all indexes. Index: Click the number below Index to access into the setting page of IPSec Peer Identity. Name: Display the profile name of that index. Click each index to edit one peer digital certificate...

Page 95: ... to accept the peer with matching value. The field can be IP Address, Domain or E-mail Address. The box under the Type will appear according to the type you select and ask you to fill in corresponding setting. Accept Subject Name: Click to check the specific fields of digital signature to accept the peer with matching value. The field includes Country (C), State (ST), Location (L), Organization (O), Organization Un...

Page 96: ...erver through the built-in RADIUS client function. The following figure shows the summary table. Set to Factory Default: Click to clear all indexes. Index: Click the number below Index to access into the setting page of Remote Dial-in User. User: Display the username for the specific dial-in user of the LAN to LAN profile. The symbol represents that the profile is empty. Status: Display the access state of ...

Page 97: ...unnel: Allow the remote dial-in user to make an IPSec VPN connection through Internet. L2TP: Allow the remote dial-in user to make a L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPSec. Select from below: None: Do not apply the IPSec policy. Accordingly, the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection. Nice to Have: Appl...

Page 98: ...509 Peer ID Profiles. IPSec Security Method: This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node. Check the Medium, DES, 3DES or AES box as the security method. Medium: Authentication Header (AH) means data will be authenticated but not be encrypted. By default, this option is invoked. You can uncheck it to disable it. High: Encapsulating Security Payload...

Page 99: ...N tunnels simultaneously. The following figure shows the summary table. Set to Factory Default: Click to clear all indexes. Name: Indicate the name of the LAN to LAN profile. The symbol represents that the profile is empty. Status: Indicate the status of individual profiles. The symbol V and X represent the profile to be active and inactive, respectively. Click each index to edit each profile and you will ge...

Page 100: ...nly: While connecting, the router will use WAN1 as the only channel for VPN connection. WAN2 First: While connecting, the router will use WAN2 as the first channel for VPN connection. If WAN2 fails, the router will use another WAN interface instead. WAN2 Only: While connecting, the router will use WAN2 as the only channel for VPN connection. Netbios Naming Packet: Pass: click it to have an inquiry for data tra...

Page 101: ...or router will have no way to know this situation. To resolve this dilemma, by continuously sending PING packets to the remote host, the Vigor router can know the true existence of this VPN connection and react accordingly. This is independent of DPD (dead peer detection). ISDN: Build ISDN LAN to LAN connection to remote network. You should set up Link Type and identity like User Name and Password for the ...

Page 102: ...r Identity. IPSec Security Method: This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy. Medium: Authentication Header (AH) means data will be authenticated but not be encrypted. By default, this option is active. High: ESP (Encapsulating Security Payload) means payload data will be encrypted and authenticated. Select from below: DES without Authentication: Use DES encryption algorithm and...

Page 103: ...lt value in Vigor router is Main mode. IKE phase 1 proposal: To propose the local available authentication schemes and encryption algorithms to the VPN peers, and get its feedback to find a match. Two combinations are available for Aggressive mode and nine for Main mode. We suggest you select the combination that covers the most schemes. IKE phase 2 proposal: To propose the local available algorithms to ...

Page 104: ...sive mode. Local ID is on behalf of the IP address while identity authenticating with remote VPN server. The length of the ID is limited to 47 characters. Callback Function (for i models only): The callback function provides a callback service as a part of PPP suite only for the ISDN dial-in user. The router owner will be charged the connection fee by the telecom. Require Remote to Callback: Enable this to...

Page 105: ...ugh the Internet. You should set the User Name and Password of remote dial-in user below. IPSec Tunnel: Allow the remote dial-in user to trigger an IPSec VPN connection through Internet. L2TP: Allow the remote dial-in user to make a L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPSec. Select from below: None: Do not apply the IPSec policy. Accordingly, the VPN connection ...

Page 106: ...et when you select IPSec tunnel either with or without specifying the IP address of the remote node. Pre-Shared Key: Check the box of Pre-Shared Key to invoke this function and type in the required characters (1 to 63) as the pre-shared key. Digital Signature (X.509): Check this radio button to invoke this function and select one predefined in the X.509 Peer ID Profiles set from VPN and ...

Page 107: ...outer TCP/IP Network Settings My WAN IP: This field is only applicable when you select ISDN, PPTP or L2TP with or without IPSec policy above. The default value is 0.0.0.0, which means the Vigor router will get a PPP IP address from the remote router during the IPCP negotiation phase. If the PPP IP address is fixed by remote side, specify the fixed IP address here. Do not change the default value if you d...

Page 108: ...nding tunnel policy Features of VPN TRUNK VPN Backup Mechanism VPN TRUNK Management is a backup mechanism which can set multiple VPN tunnels as backup tunnel. It can assure the network connection not to be cut off due to network environment blocked by any reason. VPN TRUNK VPN Backup mechanism can judge abnormal situation for the...

Page 109: ...d sharing for multiple VPN tunnels according to real line bandwidth. Moreover, it offers three types of algorithms for load balancing and binding tunnel policy mechanism to let the administrator manage the network more flexibly. Three types of load sharing algorithm offered: Round Robin, Weighted Round Robin and Fastest. Binding Tunnel Policy mechanism allows users to encrypt the data in transmission or...

Page 110: ... Display the dial-out profile selected from the Member1 drop down list below. Active on Backup Profile field: Yes means normal condition. No means the state might be disabled or that profile currently is set with Dial-in mode for call direction in LAN to LAN. Type on Backup Profile field: Display the connection type for that profile, such as IPSec, PPTP, L2TP, L2TP over IPSec (NICE), L2TP over IPSec (MUST) and ...

Page 111: ...of VPN TRUNK VPN Load Balance mechanism profile. Member1: Display the dial-out profile selected from the Member1 drop down list below. Active: Yes means normal condition. No means the state might be disabled or that profile currently is set with Dial-in mode for call direction in LAN to LAN. Type: Display the connection type for that profile, such as IPSec, PPTP, L2TP, L2TP over IPSec (NICE), L2TP over IPSec (MU...

Page 112: ... for you to choose for grouping under certain VPN TRUNK VPN Backup/Load Balance mechanism profile. No.: Index number of LAN to LAN dial-out profile. Name: Profile name of LAN to LAN dial-out profile. Connection Type: Connection type of LAN to LAN dial-out profile. VPN ServerIP (Private Network): VPN Server IP of LAN to LAN dial-out profiles. Attribute Mode: Display available mode for you to choose. Choose Backu...

Page 113: ...en VPN Load Balance Disconnected For there is one Tunnel created and connected successfully, to keep the load balance effect between two tunnels, auto dial will be executed within two seconds. To close two tunnels of load balance after connecting, please click Disable for Status in General Setup field. How can you set a V...

Page 114: ...If the router will be used as the VPN Server (i.e., with virtual address 192.168.50.200), please type 192.168.50.200 in the field of My GRE IP. Type IP address (192.168.50.100) of the client in the field of Peer GRE IP. See the following graphic for an example. 3. Later, on peer side (as VPN Client), please type 192.168.50.100 in the field of My GRE IP and type IP address of the server (192.168.50.200) in the fiel...

Page 115: ...to Auto Weighted and According to Speed Ratio. Auto Weighted can detect the device speed (10Mbps/100Mbps) and switch with fixed value ratio (3:7) for packet transmission. If the transmission rate for packets on both sides of the tunnels is the same, the value of Auto Weighted should be 5:5. According to Speed Ratio allows user to adjust suitable rate manually. There are 100 groups of rate ratio for Member1 ...

Page 116: ...ied here. TCP means when the source IP, destination IP, destination port and fragment conditions match with the settings specified here, and TCP Service Port also fits the number here, such binding tunnel table can be established. UDP means when the source IP, destination IP, destination port and fragment conditions match with the settings specified here, and UDP Service Port also fits the number here, such...

Page 117: ...If you choose YES for Binding Fragmented, you don't need to choose Binding Protocol. B. Type Binding Src IP range (Start and End) and Binding Des IP range (Start and End). Choose YES or NO for Binding Fragmented. If you choose NO for Binding Fragmented, please choose TCP, UDP, IGMP, ICMP or Other as Binding Protocol. Advanced Backup Profile Name: List the backup profile name. ERD Mode: ERD means Environment Recove...

Page 118: ...ber 1 has completed the network connection, current VPN Tunnel backup connection will be off. Resume: when VPN connection breaks down or disconnects, Member 1 will be the top priority for the system to do VPN connection. Detail Information: This field will display detailed information for Environment Recovers Detection. ...

Page 119: ...list for you to choose for dialing. General Mode: This field displays the profile configured in LAN to LAN (with Index number and VPN Server IP address). The VPN connection built by General Mode does not support VPN backup function. Backup Mode: This field displays the profile name saved in VPN TRUNK Management (with Index number and VPN Server IP address). The VPN connection built by Backup Mode supports V...

Page 120: ...tion Dial: Click this button to execute dial-out function under General Mode, Backup Mode or Load Balance Mode. Refresh Seconds: Choose the time for refreshing the dial information among 5, 10 and 30. Refresh: Click this button to refresh the whole connection status. ...

Page 121: ...9 Any entity that wants to utilize digital certificates should first request a certificate issued by a CA server. It should also retrieve certificates of other trusted CA servers so it can authenticate the peer with certificates issued by those trusted CA servers. Here you can generate and manage the local digital certificates and set trusted CA certificates. Remember to adjust the time of Vigor ro...

Page 122: ... Import: Click this button to import a saved file as the certification information. Refresh: Click this button to refresh the information listed below. View: Click this button to view the detailed settings for certificate request. After clicking Generate, the generated information will be displayed on the window below. ...

Page 123: ...ick IMPORT to open the following window. Use Browse to find out the saved text file. Then click Import. The one you imported will be listed on the Trusted CA Certificate window. Then click Import to use the pre-saved file. For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA certificate, choose the one and click Delete to remove ...

Page 124: ... for these certificates, please type characters in both fields of Encrypt password and Retype password. Also, you can use Restore to retrieve these two settings to the router whenever you want. 3.10 ISDN 3.10.1 Basic Concept ISDN means integrated services digital network, that is, an international communications standard for sending voice, video and data over...

Page 125: ...to accept only number-matched incoming calls. In addition, local ISDN network provider should support MSN services. The router provides three fields for MSN numbers. Note that MSN services must be acquired from your local telecom operators. By default, MSN function is disabled. If you leave the fields blank, all incoming calls will be accepted without number matching. 1, 2, 3 fields: Fill in the portion that ...

Page 126: ...sable disables the ISDN dial-out function. Dialup 64Kbps allows you to use one ISDN B channel for Internet access. Dialup 128Kbps allows you to use both ISDN B channels for Internet access. Dialup BOD (for detailed information of configuration, please refer to section 3.10.5) stands for bandwidth on demand. The router will use only one B channel in low traffic situations. Once the single B channel bandwid...

Page 127: ...tocol during the PPP negotiation. PPP/MP Setup Link Type: There are three link types provided here for different purposes. Link Disable disables the ISDN dial-out function. Dialup 128Kbps allows you to use both ISDN B channels for Internet access. Dialup BOD (for detailed information of configuration, please refer to section 3.10.5) stands for bandwidth on demand. The router will use only one B channel in l...

Page 128: ...Dial Number: Enter the ISDN access number provided by the ISP. Username: Enter the username provided by your ISP. Password: Enter the password provided by your ISP. IP Address Assignment Method (IPCP) for secondary ISP setup: In most environments, you should not change these settings as most ISPs provide a dynamic IP address for the router when it connects to the ISP. If your ISP provides a fixed IP address ...

Page 129: ...ll CAPI messages between the applications and the router CAPI module. Before describing the configuration of Virtual TA in the Vigor routers, please notice the following limitations. As depicted in the above application scenario, the Virtual TA client can make an outgoing call or accept an incoming call to/from a peer FAX machine or ISDN TA, etc. Click the Virtual TA (Remote CAPI) Setup tab in the Quick S...

Page 130: ...rver Install a Virtual TA Client 1. Insert the CD-ROM bundled with your Vigor router. Find VTA Client tool in the Utility menu and click on the Install button. 2. Follow the on-screen instructions of the installer. The last step will ask you to restart your computer. Click OK to restart your computer. 3. After the computer restarts, you will see a VT icon in th...

Page 131: ...r ISDN network provider. On the server: Click Virtual TA (Remote CAPI) Setup link and fill in the Username and Password fields. Check the Active box to enable the account. On the client: Right-click the mouse on the VT icon. The following pop-up menu will be shown. Click the Virtual TA Login tab to launch the login box. Enter the Username and Password and then click OK. After a short time, the VT icon text will t...

Page 132: ... be exposed for remote users, such as FTP, WWW. Call Control Setup Dial Retry: It specifies the dial retry counts per triggered packet. A triggered packet is the packet whose destination is outside the local network. The default setting is no dial retry. If set to 5, for each triggered packet, the router will dial 5 times until it is connected to the ISP or remote access router. Dial Delay Interval: It speci...

Page 133: ... are only applied when you set the Link Type to Dialup BOD. The ISDN usually uses one B channel to access the Internet or remote network when you choose the Dialup BOD link type. The router will use the parameters here to decide on when you activate/drop the additional B channel. Note that cps (characters per second) measures the total link utilization. High Water Mark and High Water Time: These parameter...

Page 134: ...liant with the standard IEEE 802.11g protocol. To boost its performance further, the Vigor Router is also loaded with advanced wireless technology Super G™ to lift up data rate up to 108 Mbps. Hence, you can finally smoothly enjoy stream music and video. Note: The actual data throughput will vary according to the network conditions and environmental factors, including volume of network traffic, network ...

Page 135: ...WPA Personal, a pre-defined key is used for encryption during data transmission. WPA applies Temporal Key Integrity Protocol (TKIP) for data encryption while WPA2 applies AES. The WPA Enterprise combines not only encryption but also authentication. Since WEP has been proved vulnerable, you may consider using WPA for the most secure connection. You should select the appropriate security mechanism according...

Page 136: ...other. To elaborate an example for business use, you may set up a wireless LAN for visitors only so they can connect to Internet without hassle of the confidential information leakage. For a more flexible deployment, you may add filters of MAC addresses to isolate users' access from wired LAN. Manage Wireless Stations: Station List will display all the stations in your wireless network and the status of t...

Page 137: ...EEE802.11b and IEEE802.11g protocols simultaneously. SuperG: The radio only supports SuperG. 11g only: The radio only supports IEEE802.11g. 11b only: The radio only supports IEEE802.11b. Index (1-15): Set the wireless LAN to work at certain time interval only. You may choose up to 4 schedules out of the 15 schedules pre-defined in Applications Schedule setup. The default setting of this field is blank and the...

Page 138: ...e information except SSID, or just cannot see anything about Vigor wireless router while site surveying. Long Preamble: This option is to define the length of the sync field in an 802.11 packet. Most modern wireless networks use short preamble with 56 bit sync field instead of long preamble with 128 bit sync field. However, some original 11b wireless network devices only support long preamble. Check it ...

Page 139: ...ield of key setting below will be not available for input. WEP or WPA/PSK: Accepts WEP and WPA clients with legal key accordingly. Only Mixed (WPA+WPA2) is applicable if you select WPA/PSK. WEP/802.1x or WPA/802.1x: Accept WEP or WPA clients with 802.1x authentication. Only Mixed (WPA+WPA2) is applicable if you select WPA/PSK. Since the key will be auto-negotiated during authentication, the field of key setti...

Page 140: ...ey (PSK): Either 8 to 63 ASCII characters, such as 012345678, or 64 hexadecimal digits leading by 0x, such as 0x321253abcde. WEP 64-Bit: For 64 bits WEP key, either 5 ASCII characters, such as 12345, or 10 hexadecimal digits leading by 0x, such as 0x4142434445. 128-Bit: For 128 bits WEP key, either 13 ASCII characters, such as ABCDEFGHIJKLM, or 26 hexadecimal digits leading by 0x, such as 0x4142434445464748494A4B4C4...

Page 141: ...ect to enable any one of the following policies. Choose Activate MAC address filter to type in the MAC addresses for other clients in the network manually. Choosing Isolate WLAN from LAN will separate all the WLAN stations from LAN based on the MAC Address list. MAC Address Filter: Display all MAC addresses that are edited before. Four buttons Add Remove Client's MAC Address: Manually enter the MAC address ...

Page 142: ... bridge interface. The application for the WDS Repeater mode is depicted as below. The major difference between these two modes is that, while in Repeater mode, the packets received from one peer AP can be repeated to another peer AP through WDS links. Yet in Bridge mode, packets received from a WDS link will only be forwarded to local wired or wireless hosts. In other words, only Repeater mode can do WDS...

Page 143: ... mode will not invoke any WDS setting. Bridge mode is designed to fulfill the first type of application. Repeater mode is for the second one. Security: There are three types for security: Disable, WEP and Pre-shared key. The setting you choose here will make the following WEP or Pre-shared key field valid or not. Choose one of the types for the router. ...

Page 144: ...ddress after typing. Repeater: If you choose Repeater as the connecting mode, please type in the peer MAC address in these fields. Two peer MAC addresses are allowed to be entered in this page at one time. Similarly, if you want to invoke the peer MAC address, remember to check Enable box in the front of the MAC address after typing. Access Point Function: Click Enable to make this router serving as an acc...

Page 145: ... 3.11.7 Station List Station List provides the knowledge of connecting wireless clients now along with its status code. There is a code summary below for explanation. For convenient Access Control, you can select a WLAN station and click Add to Access Control below. Refresh: Click this button to refresh the status of station list. Add: Click this button to add current select...

Page 146: ... you a very convenient way to manage hosts by grouping them based on the physical port. 3.12.1 Wired VLAN PCs connected to Ethernet ports of the router can be divided into different groups and formed VLAN. PCs under the same groups can share each other's information through the router and will not be peeked by other groups. The VLAN Wired VLAN allows you to configure VLAN sett...

Page 147: ...ltaneously. VLAN0-3: This router allows you to set 4 groups of virtual LAN. 3.12.2 Wireless VLAN PCs equipped with wireless network cards connected to the router through wireless interface can be divided into different groups and formed W_VLAN. PCs under the same groups can share each other's information through the router and will not be peeked by other groups. PCs under ...

Page 148: ...rd with City and 1234 in the boxes of W_VLAN0. And type Login ID and password with Home and 7890 in the boxes of W_VLAN1. Users can configure fifteen groups of wireless VLAN in this page. Enable: Check this box to invoke wireless VLAN function. Login ID: Type Login ID for different groups of W_VLAN with 1 to 11 characters. Password: Type password for different groups of W_VLAN with 1 to 11 characters. ...

Page 149: ...AN group and not allow the information sharing among them. Disable broadcast and multicast traffic: Check this box to prevent broadcast and multicast traffic forwarding to all W_VLAN. How can your wireless client access the Internet After finishing the configuration of wireless VLAN, the wireless clients connecting to th...

Page 150: ...ssing is successful, the following screen will appear. Note: The floating window with connection time will be shown on the screen till you log out. 5. You can go to Diagnostics Wireless VLAN Online Station for viewing the connection status whenever you want. ...

Page 151: ... following picture for an example. With VLAN Cross Setup, notebook A, B and PCs on VLAN0 can share resources without difficulty. The VLAN VLAN Cross Setup allows you to set a communication bridge between computers in Wireless VLAN and wired VLAN. To achieve the intention of the above illustration, simply check the box under VLAN0 on the line of W_VLAN0. Enable: Check this box to invoke VLAN Cross Setup fu...

Page 152: ... Click Enable to invoke VLAN function. For the rate control of wireless connection, please open VLAN menu and choose Wireless Rate Control. The following page will be shown for you to adjust. Enable: Check this box to enable this function for Rate Control. The rate control will limit the transmission rate for upload and download. Upload Rate: It decides the rate of data transmission for output. The default...

Page 153: ...s The System Status provides basic network settings of Vigor router. It includes LAN and WAN interface information. Also, you could get the current running firmware version or firmware related information from this presentation. Model Name: Display the model name of the router. Firmware Version: Display the firmware version of the router. Build Date/Time: Display the date and time of the current firmware...

Page 154: ...lity of some features that are bound with some WLAN miniPCI card. 3.13.2 TR-069 Setting Vigor router with TR-069 is available for matching with VigorACS server. Such page provides VigorACS and CPE settings under TR-069 protocol. All the settings configured here are for CPE to be controlled and managed with VigorACS server. Users need to type URL, username and password for...

Page 155: ... set in the box of interval time. 3.13.3 Administrator Password This page allows you to set new password. Old Password: Type in the old password. The factory default setting for password is blank. New Password: Type in new password in this field. Confirm New Password: Type in the new password again. When you click OK, the login window will appear. Please use ...

Page 156: ...e it another name by yourself. 4. Click Save button, the configuration will download automatically to your computer as a file named config.cfg. The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available. Note: Backup for Certification must be done independently. The Configuration Backup does not...

Page 157: ...13.5 Syslog/Mail Alert SysLog function is provided for users to monitor router. There is no bother to directly get into the Web Configurator of the router or borrow debug equipment. Enable: Click Enable to activate this function. Router Name: Assign a name for the router. Server IP Address: The IP address of the Syslog server. Destination Port: Assign a port for the Sy...

Page 158: ...tication. Click OK to save these settings. For viewing the Syslog, please do the following: 1. Just set your monitor PC's IP address in the field of Server IP Address. 2. Install the Router Tools in the Utility within provided CD. After installation, click on the Router Tools Syslog from program menu. 3. From the Syslog screen, select the router you want to monitor. Be reminded that in Network Information, sele...

Page 159: ...o use the browser time from the remote administrator PC host as router's system time. Use Internet Time: Select to inquire time information from Time Server on the Internet using assigned protocol. Time Protocol: Select a time protocol. Server IP Address: Type the IP address of the time server. Time Zone: Select the time zone where the router is located. Automatically Update Interval: Select a time interval...

Page 160: ...the box(es) to specify. Disable PING from the Internet: Check the checkbox to reject all PING packets from the Internet. For security issue, this function is enabled by default. Access List: You could specify that the system administrator can only login from a specific host or network defined in the list. A maximum of three IPs/subnet masks is allowed. List IP: Indicate an IP address allowed to login to the...

Page 161: ...3.13.8 Reboot System The Web Configurator may be used to restart your router. Click Reboot System from System Maintenance to open the following page. If you want to reboot the router using the current configuration, check Using current configuration and click OK. To reset the router settings to default values, check Using factory default configuration and click OK. The r...

Page 162: ...g an example. Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com. Click System Maintenance >> Firmware Upgrade to launch the Firmware Upgrade Utility. Click OK. The following screen will appear. Please execute the firmware upgr...

Page 163: ...iagnostics 3.14.1 Dial-out Trigger Click Diagnostics and click Dial-out Trigger to open the web page. The internet connection (e.g., ISDN, PPPoE, PPPoA, etc.) is triggered by a packet sent from the source IP address. Decoded Format: It shows the source IP address (local), destination IP (remote) address, the protocol and length of the packet. Refresh: Click it to reload the p...

Page 164: ... reload the page. 3.14.3 ARP Cache Table Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Refresh: Click it to reload the page. Clear: Click it to clear the whole table. ...

Page 165: ...IP Address: It displays the IP address assigned by this router for specified PC. MAC Address: It displays the MAC address for the specified PC that DHCP assigned IP address for it. Leased Time: It displays the leased time of the specified PC. HOST ID: It displays the host ID name of the specified PC. Refresh: Click it to reload the page. 3.14.5 NAT Sessions Table Clic...

Page 166: ...3.14.6 Wireless VLAN Online Station Table Click Diagnostics and click Wireless VLAN Online Station Table to open the web page. It will display the IP address, MAC address and Login ID information for all the Wireless VLAN stations. IP Address: Display the IP address of the wireless station. MAC Address: Display the MAC address of the wir...

Page 167: ...dialog box will appear to remind you enabling it. Click Diagnostics and click Data Flow Monitor to open the web page. Enable Data Flow Monitor: Check this box to enable this function. Refresh Seconds: Use the drop down list to choose the time interval of refreshing data flow that will be done by the system automatically. Refresh: Click this link to refresh this page manually. Index: Display the number of t...

Page 168: ...ic Graph Click Diagnostics and click Traffic Graph to open the web page. Choose WAN1 Bandwidth, WAN2 Bandwidth or Sessions for viewing different traffic graph. Click Refresh to renew the graph at any time. The horizontal axis represents time. Yet the vertical axis has different meanings. For WAN1/WAN2 Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmi...

Page 169: ...WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically. Ping to: Use the drop down list to choose the destination that you want to ping. IP Address: Type in the IP address of the Host/IP that you want to ping. Run: Click this button to start the ping work. The result will be displayed on the screen. Clear: Click this link to remove the result on the w...

Page 170: ... IP address of the host in the box and click Run. The result of route trace will be shown on the screen. Trace through: Use the drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically. Host/IP Address: It indicates the IP address of the host. Run: Click this button to start route tracing work. Clear: Click this link to remo...

Page 171: ...ch as the remote branch office and headquarter. According to the network structure as shown in the below illustration, you may follow the steps to create a LAN to LAN profile. These two networks (LANs) should NOT have the same network address. Settings in Router A in headquarter: 1. Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK. 2. Then, for usi...

Page 172: ...ttings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. 5. Set Dial Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial Out method. If an IPSec based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial O...

Page 173: ...w to allow Router B dial in to build VPN connection. If an IPSec based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP based service is selected, you should further specify the remote peer IP Address, Username, Password...

Page 174: ...er B in the remote office: 1. Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK. 2. Then, for using PPP based services such as PPTP, L2TP, you have to set general settings in PPP General Setup. For using IPSec based service such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key t...

Page 175: ...et Dial Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial Out method. If an IPSec based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial Out connection. If a PPP based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Au...

Page 176: ... is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP based service is selected, you should further specify the remote peer IP Address, Username, Password and VJ Compression for this Dial In connection. ...

Page 177: ...r2950 Series User's Guide 171 7. At last, set the remote network IP subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection. ...

Page 178: ...e as shown in the below illustration, you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host. Settings in VPN Router in the enterprise office: 1. Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK. 2. Then, for using PPP based services such as PPTP, L2TP, you have to set general settings in PPP Gene...

Page 179: ...tion. If an IPSec based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP based service is selected, you should further specify the remote peer IP Address, Username, Password and VJ Compression for this Dial In connectio...

Page 180: ... complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.draytek.com download center. Install as instructed. 2. After successful installation, for the first time user, you should click on the Step 0. Configure button. Reboot the host. 3. In Step 2. Connect to VPN Server, click Insert button to add a new entry. If an IPSec based servi...

Page 181: ...P based service is selected, you should further specify the remote VPN server IP address, Username, Password and encryption method. The User Name and Password should be consistent with the one set up in the VPN router. To use default gateway on remote network means that all the packets of remote host will be directed to VPN server then forwarded to Internet. This will make the remote host seem to be wor...

Page 182: ...e of children. When working time, he would use Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or VPN to check email and access internal database. Meanwhile, children may chat on VoIP or Skype in the restroom. 1. Make sure the QoS Control on the left corner is checked. And select BOTH in Direction. 2. Enter the Name of Index Class 1 by clicking Edit link. In ...

Page 183: ...raffic of VoIP influence other application. 5. If the worker has connected to the headquarter using host to host VPN tunnel (please refer to Chapter 3 VPN for detailed instruction), he may set up an index for it. Enter the Class Name of Index 3. In this index, he will set reserve bandwidth for 1 VPN tunnel. 6. Click edit to open a new window. First, check the ACT box. Then click SrcEdit to set a worker's subnet ...

Page 184: ...ivate IP address/Subnet Mask is 192.168.1.1/255.255.255.0. The built-in DHCP server is enabled so it assigns every local NATed host an IP address of 192.168.1.x starting from 192.168.1.10. You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. To use another DHCP server in the network rather than the built-in one of Vigor Router, you have to change the setting...

Page 185: ...Vigor2950 Series User's Guide 179 You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. ...

Page 186: ...y click Install Now under Syslog description to install the corresponding program. 4. The file RTSxxx.exe will be asked to copy onto your computer. Remember the place of storing the execution file. 5. Go to www.draytek.com to find out the newly updated firmware for your router. 6. Access into Support Center >> Downloads. Find out the model name of the router and click the firmware link. The Tools of Vigor rout...

Page 187: ...n Programs and choose Router Tools XXX >> Firmware Upgrade Utility. 12. Type in your router IP, usually 192.168.1.1. 13. Click the button to the right side of Firmware file typing box. Locate the files that you download from the company web sites. You will find out two files with different extension names, xxxx.all (keep the old custom settings) and xxxx.rst (reset all the custom settings to default settings). Ch...

Page 188: ...Vigor2950 Series User's Guide 182 14. Click Send. 15. Now the firmware update is finished. ...

Page 189: ... 183 4.6 Request a certificate from a CA server on Windows CA Server 1. Go to Certificate Management and choose Local Certificate. ...

Page 190: ...t Enter the information in the certificate request. 3. Copy and save the X509 Local Certificate Request as a text file and save it for later use. 4. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate. ...

Page 191: ... file. Select Router (Offline request) or IPSec (Offline request) below. Then you have done the request and the server now issues you a certificate. Select Base 64 encoded certificate and Download CA certificate. Now you should get a certificate (.cer file) and save it. 5. Back to Vigor router, go to Local Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. W...

Page 192: ...Vigor2950 Series User's Guide 186 and you will find the below window showing BEGIN CERTIFICATE. 6. You may review the detail information of the certificate by clicking View button. ...

Page 193: ...tificate and Set as Trusted on Windows CA Server 1. Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrieve the CA certificate or certificate revocation list. ...

Page 194: ...ed CA Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. When finished, click refresh and you will find the below illustration. 4. You may review the detail information of the certificate by clicking View button. Note: Before setting certificate configuration, please go to System Maintenance >> Time and Date to reset current time of the router first. ...

Page 195: ...t already been assigned, follow the on-screen instructions to assign one. 3. After assigning a password, type You will see a list of valid common commands depending on the router that you use. 4. For using ERD mechanism, please type vpn Trunk backup. The available commands will be shown as the following figure. 1. To inquire current ERD setting: vpn Trunk backup ERD VpnBackup name of Trunk profile 2. Normal ...

Page 196: ...d connect to headquarters automatically and that is called ERD. To set ERD Recover mode: To check current status of Recover: vpn Trunk backup ERD VpnBackup Recover To set Recover: vpn Trunk backup ERD VpnBackup Recover 3600 Why use second? Recover might cause unstable condition for data transmitting. To solve the problem, you can set value for second to specify valid time for sending data out. When set va...

Page 197: ...m Example 1: A VPN TRUNK profile with member 1 (GRE over IPSec type, LAN to LAN Router Mode) and Member 2 (GRE over IPSec type, LAN to LAN Router Mode) has been created for Router A (VPN Client) for connecting with Router B (VPN Server). 1. VPN Client site: For LAN to LAN Dial out for member1 and member2, please finish LAN to LAN IPSec Dial Out (Router Mode) configuration. Member1 LAN to LAN Dial out Profile: GRE ov...

Page 198: ...TRUNK Management, press Advanced for Load Balance Profile List and choose suitable algorithm for VPN Load Balance Algorithm. 2. VPN Server site: For LAN to LAN Dial out for member1 and member2, please finish LAN to LAN IPSec Dial In configuration. Finish GRE over IPSec setting in LAN to LAN Dial In Profile for matching with VPN Client Member1 configuration. Finish GRE over IPSec setting in LAN to LAN Dia...

Page 199: ...Vigor2950 Series User's Guide 193 3. Dialing from VPN Client site ...

Page 200: ...If the Hardware Status Is OK or Not Follow the steps below to verify the hardware status. 1. Check the power line and WLAN/LAN cable connections. Refer to 2.1 Hardware Installation for details. 2. Turn on the router. Make sure the ACT LED blinks once per second and the correspondent LAN LED is bright. 3. If not, it means that there is something wrong w...

Page 201: ...o the examples for other operation systems, please refer to the similar steps or find support notes in www.draytek.com. 1. Go to Control Panel and then double-click on Network Connections. 2. Right-click on Local Area Connection and click on Properties. 3. Select Internet Protocol (TCP/IP) and then click Properties. ...

Page 202: ...matically and Obtain DNS server address automatically. For MacOs 1. Double click on the current used MacOs on the desktop. 2. Open the Application folder and get into Network. 3. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. ...

Page 203: ...e router correctly. For Windows 1. Open the Command Prompt window (from Start menu > Run). 2. Type command (for Windows 95/98/ME) or cmd (for Windows NT/2000/XP). The DOS command dialog will appear. 3. Type ping 192.168.1.1 and press Enter. If the link is OK, the line of "Reply from 192.168.1.1: bytes=32 time<1ms TTL=255" will appear. 4. If the line does not appear, please check the IP address settin...

Page 204: ...Vigor2950 Series User's Guide 198 ...

Page 205: ...N1/WAN2 to review the settings that you configured previously. For PPPoE Users 1. Check if the Enable option is selected. 2. Check if Username and Password are entered with correct values that you got from your ISP. For Static or Dynamic IP Users 1. Check if the Enable option is selected. 2. Check if IP address, Subnet Mask and Gat...

Page 206: ...Guide 200 For PPTP Users 1. Check if the Enable option for PPTP Link is selected. 2. Check if PPTP Server, Username, Password and WAN IP address are set correctly (must identify with the values from your ISP). ...

Page 207: ...are Reset You can reset the router to factory default via Web page. Go to System Maintenance and choose Reboot System on the web page. The following screen will appear. Choose Using factory default configuration and click OK. After few seconds, the router will return all the settings to the factory settings. Hardware Reset While the router is running (ACT LED blin...

Page 208: ...ntacting Your Dealer If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@draytek.com. ...
