Vigor3100 Series User’s Guide 

4 Application and Examples

4.1 Create a LAN-to-LAN connection between remote office and headquarter


The most common case is connecting two networks securely, such as a remote branch office and headquarters. Following the network structure shown in the illustration below, take these steps to create a LAN-to-LAN profile. These two networks (LANs) should NOT have the same network address.
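A pre-flight check for the rule above, as an added example that is not part of the original guide: it derives each router's LAN network from its IP address and subnet mask and reports pairs of sites whose ranges are identical or nested, since hosts treat such a remote address as local and never send it through the tunnel. The site names and addresses are constructed sample values, and the check is generalized beyond the two-router case to any number of sites and subnets per site.

```python
import ipaddress
from itertools import combinations


def lan_network(ip, mask):
    """Network that a router LAN interface belongs to.

    ip   -- LAN IP address of the router, e.g. "192.168.1.1"
    mask -- dotted subnet mask or prefix length, e.g. "255.255.255.0" or "24"
    Raises ValueError for a malformed address or a non-contiguous mask.
    """
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def find_conflicts(sites):
    """Return every pair of LANs at different sites whose ranges collide.

    sites -- {site name: [(ip, mask), ...]}
    Each result is (site_a, net_a, site_b, net_b, kind), where kind is
    "identical" (same network address) or "nested" (one contains the other).
    """
    nets = [(name, lan_network(ip, mask))
            for name, lans in sites.items()
            for ip, mask in lans]
    conflicts = []
    for (site_a, net_a), (site_b, net_b) in combinations(nets, 2):
        if site_a == site_b:
            continue  # subnets behind the same router are routed locally
        if net_a.version != net_b.version:
            continue  # an IPv4 range cannot collide with an IPv6 range
        if net_a.overlaps(net_b):
            kind = "identical" if net_a == net_b else "nested"
            conflicts.append((site_a, str(net_a), site_b, str(net_b), kind))
    return conflicts


# Constructed sample address plans (assumptions, not values from the guide).
BOTH_SAME = {
    "Router A (headquarters)": [("192.168.1.1", "255.255.255.0")],
    "Router B (remote office)": [("192.168.1.1", "255.255.255.0")],
}
RENUMBERED = {
    "Router A (headquarters)": [("192.168.1.1", "255.255.255.0")],
    "Router B (remote office)": [("192.168.2.1", "255.255.255.0")],
}
NESTED = {
    "Router A (headquarters)": [("10.0.0.1", "255.255.0.0")],
    "Router B (remote office)": [("10.0.5.1", "255.255.255.0")],
}

if __name__ == "__main__":
    plans = (("both same", BOTH_SAME),
             ("renumbered", RENUMBERED),
             ("nested", NESTED))
    for label, plan in plans:
        found = find_conflicts(plan)
        if not found:
            print(f"{label}: OK, no colliding LANs")
        for site_a, net_a, site_b, net_b, kind in found:
            print(f"{label}: {site_a} {net_a} vs {site_b} {net_b} ({kind})")
```
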

 

 

 

Settings in Router A in headquarters:

1. Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service.

2. Then, to use PPP-based services such as PPTP, L2TP, or ISDN, you have to set the general settings in PPP General Setup.

   To use IPSec-based services such as IPSec or L2TP with IPSec Policy, you have to set the general settings in IPSec General Setup, such as the pre-shared key that both parties know.
