Draytek Vigor2620 Series Скачать руководство пользователя | Manualshive

Страница: 577 / 610

background image

Vigor2620 Series User’s Guide

565

S

S

y

y

n

n

t

t

a

a

x

x

D

D

e

e

s

s

c

c

r

r

i

i

p

p

t

t

i

i

o

o

n

n

Parameter Description

-q

Display IKE memory status an dleakage list.

-s

Display IPsec state list.

V2 debug <on/off>

It is used for RD debug.

E

E

x

x

a

a

m

m

p

p

l

l

e

e

> vpn ike -q

IKE Memory Status and Leakage List

# of free L-Buffer=95, minimum=94, leak=1

# of free M-Buffer=529, minimum=529 leak=3

# of free S-Buffer=1199, minimum=1198, leak=1

# of free Msgid-Buffer=1024, minimum=1024

T

T

e

e

l

l

n

n

e

e

t

t

C

C

o

o

m

m

m

m

a

a

n

n

d

d

:

:

v

v

p

p

n

n

M

M

u

u

l

l

t

t

i

i

c

c

a

a

s

s

t

t

This command allows users to pass or block the multi-cast packet via VPN.

S

S

y

y

n

n

t

t

a

a

x

x

vpn Multicast set <H2L/L2L> <index> <Block/Pass>

S

S

y

y

n

n

t

t

a

a

x

x

D

D

e

e

s

s

c

c

r

r

i

i

p

p

t

t

i

i

o

o

n

n

Parameter Description

<H2L/L2L> <index>
<Block/Pass>

<H2L/L2L>: Enter H2L or L2L. Specify which one will be
applied for multi-cast packets.
H2L, means Host to LAN (Remote Access User Accounts).
L2L, means LAN-to-LAN Profile.
<index>: Enter an index number of the profile.
<Block/Pass>: Enter Pass or Block the Multicast Packets..

E

E

x

x

a

a

m

m

p

p

l

l

e

e

> vpn Multicast set L2L 1 Pass

% Lan to Lan Profile Index [1] :

% Status Block/Pass: [PASS]

T

T

e

e

l

l

n

n

e

e

t

t

C

C

o

o

m

m

m

m

a

a

n

n

d

d

:

:

v

v

p

p

n

n

p

p

a

a

s

s

s

s

2

2

n

n

d

d

This command allows users to determine if the packets coming from the second subnet

passing through current used VPN tunnel.

S

S

y

y

n

n

t

t

a

a

x

x

vpn pass2nd <on/off>

S

S

y

y

n

n

t

t

a

a

x

x

D

D

e

e

s

s

c

c

r

r

i

i

p

p

t

t

i

i

o

o

n

n

Parameter Description

<on/off>

<on/off>: Enter on or off.

«
...
575
576
577
578
579
...
»

Содержание Vigor2620 Series

Страница 1: ......

Страница 2: ...Vigor2620 Series User s Guide ii Vigor2620 LTE Series LTE Router User s Guide Version 1 01 Firmware Version V3 8 11 For future update please visit DrayTek web site Date April 26 2019 ...

Страница 3: ... the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and ...

Страница 4: ...Quick Access for Common Used Menu 14 I 5 4 GUI Map 15 I 5 5 Web Console 16 I 5 6 Config Backup 16 I 5 7 Logout 17 I 5 8 Online Status 17 I 5 8 1 Physical Connection 17 I 5 8 2 Virtual WAN 19 I 6 Quick Start Wizard 20 I 6 1 LTE 21 I 6 2 WAN1 ADSL VDSL2 23 I 6 3 WAN2 Ethernet 29 I 7 Service Activation Wizard 38 I 8 Registering Vigor Router 40 Part II Connectivity 43 II 1 LTE 44 Web User Interface 45...

Страница 5: ...for IPv6 DHCPv6 Client 86 II 2 2 13 Details Page for IPv6 Static IPv6 87 II 2 2 14 Details Page for IPv6 6in4 Static Tunnel 88 II 2 2 15 Details Page for IPv6 6rd 90 II 2 3 Multi PVC VLAN 92 Application Notes 97 A 1 How to configure IPv6 on WAN interface 97 II 3 LAN 102 Web User Interface 104 II 3 1 General Setup 104 II 3 1 1 Details Page for LAN1 Ethernet TCP IP and DHCP Setup 106 II 3 1 2 Detail...

Страница 6: ...on List 185 Part IV VPN 187 IV 1 VPN and Remote Access 188 Web User Interface 189 IV 1 1 VPN Client Wizard 189 IV 1 2 VPN Server Wizard 195 IV 1 3 Remote Access Control 199 IV 1 4 PPP General Setup 200 IV 1 5 IPsec General Setup 202 IV 1 6 IPsec Peer Identity 204 IV 1 7 Remote Dial in User 206 IV 1 8 LAN to LAN 209 IV 1 9 Connection Management 219 IV 2 SSL VPN 220 Web User Interface 221 IV 2 1 Gen...

Страница 7: ...cebook Service Accessed by the Users via Web Content Filter URL Content Filter 276 Part VI Management 283 VI 1 System Maintenance 284 Web User Interface 285 VI 1 1 System Status 285 VI 1 2 TR 069 287 VI 1 3 Administrator Password 289 VI 1 4 User Password 290 VI 1 5 Configuration Backup 292 VI 1 6 Syslog Mail Alert 294 VI 1 7 Time and Date 296 VI 1 8 SNMP 297 VI 1 9 Management 299 VI 1 10 Panel Con...

Страница 8: ...VII 1 4 IPv6 Group 350 VII 1 5 Service Type Object 351 VII 1 6 Service Type Group 353 VII 1 7 Keyword Object 355 VII 1 8 Keyword Group 357 VII 1 9 File Extension Object 358 VII 1 10 SMS Service Object 360 VII 1 11 Notification Object 363 VII 1 12 String Object 365 Application Notes 366 A 1 How to Send a Notification to Specified Phone Number via SMS Service in WAN Disconnection 366 Part VIII Troub...

Страница 9: ...lood Table 387 VIII 2 Checking If the Hardware Status Is OK or Not 389 VIII 3 Checking If the Network Connection Settings on Your Computer Is OK or Not 390 VIII 4 Pinging the Router from Your Computer 393 VIII 5 Checking If the ISP Settings are OK or Not 395 VIII 6 Backing to Factory Default Setting If Necessary 396 VIII 7 Contacting DrayTek 397 Part IX Telnet Commands 399 Accessing Telnet of Vigo...

Страница 10: ......

Страница 11: ...P Pa ar rt t I I I In ns st ta al ll la at ti io on n This part will introduce Vigor router and guide to install the device in hardware and software ...

Страница 12: ......

Страница 13: ... with large bandwidth By adopting hardware based VPN platform and hardware encryption of AES DES 3DES the router increases the performance of VPN greatly and offers several protocols such as IPSec PPTP L2TP with VPN tunnels The object based design used in SPI Stateful Packet Inspection firewall allows users to set firewall policy with ease CSM Content Security Management provides users control and...

Страница 14: ...linking Slowly The DSL connection is ready Quickly The DSL connection is establishing On Physical line has been connected Blinking The connection is training On The LAN port is connected for Vigor2620L Blinking The data is transmitting through the LAN port On The LAN port is connected for Vigor2620Le Blinking The data is transmitting through the LAN port On LTE device is connected and ready for us...

Страница 15: ...ore than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration DSL Connecter for accessing the Internet SIM2 SIM1 SIM card slot s P2 P1 Vigor2620L Connecters for local network devices P4 P1 Vigor2620Le Connecters for local network devices ON OFF Power Switch PWR Connecter for a power adapter ...

Страница 16: ...e LAN port is connected for Vigor2620Ln Blinking The data is transmitting through the LAN port On The LAN port is connected for Vigor2620Lne Blinking The data is transmitting through the LAN port On LTE device is connected and ready for use Off LTE device is not detected or has serious problem e g no SIM card SIM pin error SIM deactivated and etc Blinking Vigor device performs initial access proce...

Страница 17: ...e press this button for more than 2 seconds to wait for client s device making network connection through WPS Factory Reset Restore the default settings Usage Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration DSL Con...

Страница 18: ...stall the SIM card into the card slot The back plate of the SIM card slot must be removed first and the direction of card notch must be on the left side After installing the SIM card fasten the back plate again 2 Connect to your computer with a RJ 45 cable 3 Connect one end of the power cord to the power port of this device Connect the other end to the wall outlet of electricity 4 Power on the rou...

Страница 19: ...the DSL interface to the external ADSL splitter with an ADSL line cable 2 Connect to your computer with a RJ 45 cable 3 Connect one end of the power cord to the power port of this device Connect the other end to the wall outlet of electricity 4 Power on the router 5 Check the power and DSL LAN LEDs to assure network connections ...

Страница 20: ...rovided on the Vigor2620 packaging box to enable you to space the screws correctly on the wall 2 Place the template on the wall and drill the holes according to the recommended instruction 3 Fit screws into the wall using the appropriate type of wall plug Note The recommended drill diameter shall be 6 5mm 1 4 4 When you finished about procedure the router has been mounted on the wall firmly ...

Страница 21: ...he same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of the guide 2 Open a web browser on your PC and type http 192 168 1 1 The following window will be open to ask for username and password 3 Please type admin admin as the Username Password and click Login Info If you fail to access to the web configur...

Страница 22: ...page will be different slightly in accordance with the type of the router you have 5 The web page can be logged out according to the chosen condition The default setting is Auto Logout which means the web configuration system will logout after 5 minutes without any operation Change the setting for your necessity ...

Страница 23: ...into the web user interface with admin mode 3 Go to System Maintenance page and choose Administrator Password 4 Enter the login password the default is admin on the field of Old Password Type New Password and Confirm Password Then click OK to continue Info The maximum length of the password you can set is 23 characters 5 Now the password has been changed Next time use the new password to access th...

Страница 24: ... status including System Information IPv4 Internet Access IPv6 Internet Access Interface physical connection Security and Quick Access Click Dashboard from the main menu on the left side of the main page A web page with default selections will be displayed on the screen Refer to the following figure ...

Страница 25: ... USB ports or LAN1 LAN4 related web setting page will be open for you to configure if required Port Color Description Black It means the router or the function is not working LED Green It means the router or the function is working For detailed information about the LED display refer to I 1 1 LED Indicators and Connectors I I 5 5 2 2 N Na am me e w wi it th h a a L Li in nk k A name with a link e ...

Страница 26: ...nder Quick Access The function links of System Status Dynamic DDNS TR 069 IM P2P Block Schedule Syslog Mail Alert RADIUS Firewall Object Setting and Data Flow Monitor are displayed here Move your mouse cursor on any one of the links and click on it The corresponding setting page will be open immediately In addition quick access for VPN security settings such as Remote Dial in User and LAN to LAN a...

Страница 27: ... indicates that the traffic would be transmitted through LAN port s and then the WAN port The purpose is to perform the traffic monitor of the host s I I 5 5 4 4 G GU UI I M Ma ap p All the functions the router supports are listed with table clearly in this page Users can click the function link to access into the setting page of the function for detailed configuration Click the icon on the top of...

Страница 28: ... on the web user interface Click the Web Console icon on the top of the main screen to open the following screen I I 5 5 6 6 C Co on nf fi ig g B Ba ac ck ku up p There is one way to store current used settings quickly by clicking the Config Backup icon It allows you to backup current settings as a file Such configuration file can be restored by using System Maintenance Configuration Backup Simply...

Страница 29: ...i in ne e S St ta at tu us s I I 5 5 8 8 1 1 P Ph hy ys si ic ca al l C Co on nn ne ec ct ti io on n Such page displays the physical connection status such as LAN connection status WAN connection status ADSL information and so on P Ph hy ys si ic ca al l C Co on nn ne ec ct ti io on n f fo or r I IP Pv v4 4 P Pr ro ot to oc co ol l ...

Страница 30: ...e WAN1 WAN2 WAN3 WAN4 Status Enable Yes in red means such interface is available but not enabled Yes in green means such interface is enabled Line Displays the physical connection VDSL ADSL Ethernet or USB of this interface Name Display the name of the router Mode Displays the type of WAN connection e g PPPoE Up Time Displays the total uptime of the interface IP Displays the IP address of the WAN ...

Страница 31: ...s in green means such interface is enabled No in red means such interface is not available Mode Displays the type of WAN connection e g TSPC Up Time Displays the total uptime of the interface IP Displays the IP address of the WAN interface Gateway IP Displays the IP address of the default gateway Info The words in green mean that the WAN connection of that interface is ready for accessing Internet...

Страница 32: ...ck Start Wizard The first screen of Quick Start Wizard is entering login password After typing the password please click Next On the next page please select the WAN interface that you use If DSL interface is used please choose WAN1 if USB interface is used please choose LTE Then click Next for next step WAN1 and LTE will bring up different configuration page Here we take LTE as an example ...

Страница 33: ...escription Internet Access Specify a connection mode from the drop down menu SIM PIN code Enter PIN code of the SIM card that will be used to access Internet Network Mode Force Vigor router to connect Internet with the mode specified here If you choose 4G 3G 2G as network mode the router will choose a suitable one according to the actual wireless signal automatically APN Name APN means Access Poin...

Страница 34: ...Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 Please manually enter the Username Password provided by your ISP Click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear 5 Now you can enjoy surfing on the Internet ...

Страница 35: ...plained as follows Item Description Display Name Enter a name to identify such WAN Physical Mode Display the physical mode of this WAN interface DSL Mode Specify a DSL mode from the drop down menu P PP PP Po oE E P PP PP Po oA A 1 Choose WAN1 as WAN Interface and click the Next button you will get the following page Available settings are explained as follows ...

Страница 36: ...r Secondary DNS Enter secondary IP address for necessity in the future VLAN Tag insertion VDSL2 ADSL Enable Enable the function of VLAN with tag The router will add specific VLAN number to all packets on the WAN while sending them out Please Enter the tag value and specify the priority for the packets sending by WAN1 Disable Disable the function of VLAN with tag Tag value Enter the value as the VL...

Страница 37: ...um length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you can set is 62 characters Confirm Password ReEnter the password Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 After finished the above settings c...

Страница 38: ...Vigor2620 Series User s Guide 26 4 Click Finish A page of Quick Start Wizard Setup OK will appear 5 Now you can enjoy surfing on the Internet ...

Страница 39: ...e two modes offered for you to choose for WAN1 interface Choose MPoA Static or Dynamic IP as the protocol For ADSL Only Such field is provided for ADSL only You have to choose encapsulation and Enter the values for VPI and VCI Or click Auto detect to find out the best values Fixed IP Click Yes to enable Fixed IP feature IP Address Enter the IP address if Fixed IP is enabled Subnet Mask Enter the s...

Страница 40: ...AN1 Disable Disable the function of VLAN with tag Tag value Enter the value as the VLAN ID number The range is from 0 to 4095 Priority Enter the packet priority number for such VLAN The range is from 0 to 7 Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 2 Please Enter the IP address mask gateway inf...

Страница 41: ...ed as follows Item Description Display Name Type a name for the router Physical Mode Display the physical mode of this WAN interface Physical Type This setting is available when Ethernet is selected as Physical Mode In general Auto negotiation is suggested P PP PP Po oE E 1 Choose WAN2 as the WAN Interface and choose Ethernet as the Physical Mode Click the Next button The following page will be op...

Страница 42: ...service Username Assign a specific valid user name provided by the ISP Note The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you can set is 62 characters Confirm Password ReEnter the password Back Click it to return to previous setting page Next Click it to get into the next setting page Ca...

Страница 43: ...e 31 3 Please manually enter the Username Password provided by your ISP Click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear 5 Now you can enjoy surfing on the Internet ...

Страница 44: ...settings are explained as follows Item Description Username Assign a specific valid user name provided by the ISP Note The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you can set is 62 characters Confirm Password ReEnter the password WAN IP Configuration Obtain an IP address automatically ...

Страница 45: ...ary IP address for necessity in the future PPTP Server Enter the IP address of the server Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 Please Enter the IP address mask gateway information originally provided by your ISP Then click Next for viewing summary of such connection 4 Click Finish A page...

Страница 46: ...ISP Available settings are explained as follows Item Description WAN IP Enter the IP address Subnet Mask Enter the subnet mask Gateway Enter the IP address of gateway Primary DNS Enter the primary IP address for the router Secondary DNS Enter secondary IP address for necessity in the future Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Clic...

Страница 47: ...Vigor2620 Series User s Guide 35 3 Click Next for next step 4 Click Finish A page of Quick Start Wizard Setup OK will appear 5 Now you can enjoy surfing on the Internet ...

Страница 48: ...ings are explained as follows Item Description Host Name Enter the name of the host Note The maximum length of the host name you can set is 39 characters MAC Some Cable service providers specify a specific MAC address for access authentication In such cases you need to enter the MAC address Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Clic...

Страница 49: ... finished the settings above click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Страница 50: ...ase type admin admin on Username Password while Logging into the web user interface Service Activation Wizard is a tool which allows you to activate services without accessing into the server MyVigor located on http myvigor draytek com Info Such function is available only for Admin Mode 1 Open Wizards Service Activation Wizard 2 In the following page you can activate the Web content filter service...

Страница 51: ...lView WCF package from retailing outlets DT DDNS developed by DrayTek offers one year free charge service of dynamic DNS service for internal use 3 Setting confirmation page will be displayed as follows please click Activate Info The service will be activated and applied as the default rule configured in Firewall General Setup 4 Now the web page will display the service that you have activated acc...

Страница 52: ...o register your Vigor router to MyVigor website for getting more service Please follow the steps below to finish the router registration 1 Please login the web configuration interface of Vigor router by typing admin admin as User Name Password 2 Click Support Area Production Registration from the home page 3 A Login page will be shown on the screen Please Enter the account and password that you cr...

Страница 53: ...reement regarding user rights carefully while creating a user account 4 The following page will be displayed after you logging in MyVigor Type a nickname for the router then click Add 5 When the following page appears your router information has been added to the database 6 After clicking OK you will see the following page Your router has been registered to myvigor website successfully ...

Страница 54: ...Vigor2620 Series User s Guide 42 This page is left blank ...

Страница 55: ...is a group of subnets regulated and ruled by router The design of network structure is related to what type of public IP addresses coming from your ISP When the data flow passing through the Network Address Translation NAT function of the router will dedicate to translate public private addresses and the packets will be delivered to the correct host PC in the local area network DNS LAN DNS IGMP UP...

Страница 56: ...hat can Vigor router utilize this SIM card to provide more useful functions for user Now we have developed some useful functions for user such as sending SMS from a router to report router status rebooting router remotely via SMS with taking security into consideration and so on This section can guide you to use the SIM card in LTE WAN to perform SMS related operations ...

Страница 57: ...scription Enable SMS Quota Limit Check the box to enable such feature Quota Limit Specify the maximum number of sending SMS for LTE When quota exceeded There are two actions to be performed when the quota limit is expired Stop sending SMS If it is checked no SMS for LTE will be sent after the quota limit is expired Send Mail Alert to Administrator If it is checkd a mail alert will be sent to the a...

Страница 58: ...pecifying the days and the hours Cycle duration Specify the days to reset the number of SMS sent For example 7 means the whole cycle is 7 days 20 means the whole cycle is 20 days When the time is up the router will reset the number of SMS sent automatically Today is day XX in the cycle Specify the day in the cycle duration as the starting point which Vigor router will reset the number of SMS sent ...

Страница 59: ...ease note that the SIM card can not receive new SMS when all SMS indexes are occupied Click the Simple Mode link or the Advanced Mode link below to switch between these two modes I II I 1 1 2 2 1 1 S Si im mp pl le e M Mo od de e Available settings are explained as follows Item Description Mark as Read Those messages in unread state are showed in bold text If you want to change messages into read ...

Страница 60: ... Description Mark as Read Those SMS in unread state are shown in bold text If you want to change SMS into read state select them and click the OK button Checking the checkbox in title will select all unread SMS in this page Delete If you want to delete SMS select them and click the OK button Checking the checkbox in title will select all SMS in this page Index If you want to read the full content ...

Страница 61: ... s Guide 49 Message Content Display the full content of the message OK Return to previous page Delete Click it to delete all SMS of this message and return to previous page Next Click it to see the content of next SMS index ...

Страница 62: ...t can be an international phone number 8869123455678 or a general phone number 0912345678 Data Coding Scheme The router will automatically select a suitable Data Coding Scheme according to the current content in Message GSM 7 bit and UCS 2 are supported Message Type in the message content to send The total number of characters that you can type in this field is 1024 Send Message Click it to send t...

Страница 63: ...n to reboot Vigor router remotely and get the router status via SMS Go to LTE Router Commands to get the following page Available settings are explained as follows Item Description Reboot on SMS Message Enable with Password PIN To reboot Vigor router remotely via SMS please check such box and type the password PIN number treated as ...

Страница 64: ...tering the password PIN specified in this field The password shall be composed by letters numbers and baseline Access Control List Check the box to type or modify up to 3 phone numbers The phone number specified here is capable of getting related information about Vigor router remotely Note If such option is enabled only mobile phones specified here are allowed to obtaine related information about...

Страница 65: ...ion Status LTE WAN status IMEI International Mobile Equipment Identity of the embedded LTE module IMSI International Mobile Subscripber Identity of the LTE SIM card Access Tech Type of LTE connection CDMA GSM WCDMA LTE TD SCDMA Band Band of LTE connection Operator ISP name of LTE connection Mobile Country Code Mobile Network Code Location Area Code Cell ID Base station information RSSI Signal Sign...

Страница 66: ...er The phone number for SMS service of the LTE SIM card SMS Service status Whether the SMS service of the LTE SIM card is ready SMS Loading Whether the received SMS messages in the LTE SIM card have been loaded to the Router New SMS The number of unread SMS in SMS Inbox ...

Страница 67: ...e IP address assigned by the built in DHCP server of the Vigor router The router itself will also use the default private IP address 192 168 1 1 to communicate with the local hosts Meanwhile Vigor router will communicate with other network devices through a public IP address When the data flow passing through the Network Address Translation NAT function of the router will dedicate to translate pub...

Страница 68: ...eneral setup for WAN1and WAN3 respectively Available settings are explained as follows Item Description Index Click the WAN LTE interface link under Index to access into the WAN configuration page Enable V means such WAN interface is enabled and ready to be used Physical Mode Type Display the physical mode and physical type of such WAN interface Active Mode Display whether such WAN interface is Ac...

Страница 69: ...dem code for ensuring the network connection If you have no idea about the selection simply choose Default or contact the dealer for assistance VLAN Tag insertion Enable Enable the function of VLAN with tag The router will add specific VLAN number to all packets on the WAN while sending them out Please Enter the tag value and specify the priority for the packets sending by WAN interface Disable Di...

Страница 70: ... invoke the settings for this WAN interface Choose No to disable the settings for this WAN interface Display Name Enter the description for such WAN interface Physical Mode Display the physical mode of this WAN interface Active Mode Choose Always On to make the WAN1 connection being activated always Failover Choose it to make the WAN connection as a backup connection After finished the above setti...

Страница 71: ...to choose a proper access mode The details page of that mode will be popped up If not click Details Page for accessing the page to configure the settings Details Page This button will open different web page based on IPv4 according to the access mode that you choose in WAN interface IPv6 This button will open different web page based on Physical Mode to setup IPv6 Internet Access Mode for WAN inte...

Страница 72: ...i PVC VLAN Option Number Type a number for such function Note If you choose to configure option 61 here the detailed settings in WAN Interface Access will be overwritten DataType Choose the type ASCII or Hex for the data to be stored Data Enter the content of the data to be processed by the function of DHCP option I II I 2 2 2 2 1 1 D De et ta ai il ls s P Pa ag ge e f fo or r P PP PP Po oE E P PP...

Страница 73: ...Internet Access Multi PVCs Select M PVCs Channel means no selection will be chosen VPI Type in the value provided by ISP VCI Type in the value provided by ISP Encapsulating Type Drop down the list to choose the type provided by ISP Protocol Drop down the list to choose the one PPPoE or PPPoA provided by ISP If you have already used Quick Start Wizard to set the protocol then it is not necessary fo...

Страница 74: ...ion mode you have to type Primary or Secondary IP address in this field for pinging Ping Gateway IP If you choose Ping Detect as detection mode you also can enable this setting to use current WAN gateway IP address for pinging With the IP address es pinging Vigor router can check if the WAN connection is on or off TTL Time to Live Set TTL value of PING operation Ping Interval Enter the interval fo...

Страница 75: ...o 8 public IP addresses other than the current one you are using Dial Out Schedule You can type in four sets of time schedule for your request All the schedules can be set previously in Applications Schedule web page and you can use the number that you have set in that web page PPPoE Pass through The router offers PPPoE dial up connection Besides you also can establish the PPPoE connection directl...

Страница 76: ...s here please click OK to activate them I II I 2 2 2 2 2 2 D De et ta ai il ls s P Pa ag ge e f fo or r M MP Po oA A S St ta at ti ic c o or r D Dy yn na am mi ic c I IP P i in n W WA AN N1 1 P Ph hy ys si ic ca al l M Mo od de e A AD DS SL L MPoA is a specification that enables ATM services to be integrated with existing LANs which use either Ethernet token ring or TCP IP protocols The goal of MP...

Страница 77: ... automatically Click this button to obtain the IP address automatically More Options Click it to display router name and domain name items Router Name Type in the router name provided by ISP Domain Name Type in the domain name that you have assigned DHCP Client Identifier Check the box to specify username and password as the DHCP client identifier for some ISP Username Type a name as username The ...

Страница 78: ...on mode you have to type Primary or Secondary IP address in this field for pinging Ping Gateway IP If you choose Ping Detect as detection mode you also can enable this setting to use current WAN gateway IP address for pinging With the IP address es pinging Vigor router can check if the WAN connection is on or off TTL Time to Live Set TTL value of PING operation Ping Interval Type the interval for ...

Страница 79: ...ers exchange routing tables information Click Enable RIP for activating this function Bridge Mode Enable Bridge Mode If the function is enabled the router will work as a bridge modem Yet the incoming packets with VLAN tags will be discarded Enable Firewall It is available when Bridge Mode is enabled When both Bridge Mode and Firewall check boxes are enabled the settings configured user profiles un...

Страница 80: ...justed in this page will be invalid ADSL Modem Setting It is not necessary to configure settings in these fields for modem settings are prepared for ADSL only ISP Access Setup Enter your allocated username password and authentication parameters according to the information provided by your ISP Username Type in the username provided by ISP in this field Password Type in the password provided by ISP...

Страница 81: ...before WAN disconnection is judged MTU It means Max Transmit Unit for packet Path MTU Discovery It is used to detect the maximum MTU size of a packet not to be segmented in specific transmit path Click Path MTU Discovery to open the following dialog Path MTU to Type the IP address as the specific transmit path MTU size start from Determine the starting point value of the packet MTU reduce size by ...

Страница 82: ...tted by PC will be transformed into PPPoA package and sent to WAN server Thus the PC can access Internet through such direction For Wired LAN If you check this box PCs on the same network can use another set of PPPoE session different with the Host PC to access into Internet For Wireless LAN It is available for n model If you check this box PCs on the same wireless network can use another set of P...

Страница 83: ...sing protocol of the Internet select MPoA Static or Dynamic IP from the WAN Internet Access WAN1 page The following web page will appear Available settings are explained as follows Item Description Enable Disable Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid ADSL Modem Settings It is n...

Страница 84: ...esses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using Notice that this setting is available for WAN1 only Type the additional WAN IP address and check the Enable box Then click OK to exit the dialog DNS Server IP Address Type in the primary IP address for the router If necessary type in sec...

Страница 85: ...umber specified in this field is 8 The maximum MTU size is 1500 After clicking the detect button the system will calculate and get the suitable MTU value such as 1500 1492 1484 and etc automatically Detect Click it to detect a suitable MTU value Accept After clicking it the detected value will be displayed in the field of MTU RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 ...

Страница 86: ...ed in this page will be invalid ISP Access Setup Enter your allocated username password and authentication parameters according to the information provided by your ISP Service Name Enter the description of the specific network service Username Type in the username provided by ISP in this field The maximum length of the user name you can set is 63 characters Password Type in the password provided b...

Страница 87: ...It is used to detect the maximum MTU size of a packet not to be segmented in specific transmit path Click Detect to open the following dialog Path MTU to Type the IP address as the specific transmit path MTU size start from Determine the starting point value of the packet Default setting is 1500 MTU reduce size by It determines the decreasing size of MTU value For example the number specified in t...

Страница 88: ...N1 only Type the additional WAN IP address and check the Enable box Then click OK to exit the dialog Fixed IP Address Type in a fixed IP address Default MAC Address You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC Address for the router Specify a MAC Address Type the MAC address for the router manually After finishing all the settings here please click O...

Страница 89: ...Check Enable PING to keep alive box to activate this function PING to the IP If you enable the PING function please specify the IP address for the system to PING it for keeping alive PING Interval Enter the interval for the system to execute the PING operation WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mo...

Страница 90: ...ect button the system will calculate and get the suitable MTU value such as 1500 1492 1484 and etc automatically Detect Click it to detect a suitable MTU value Accept After clicking it the detected value will be displayed in the field of MTU RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables information Click Enable RIP for activa...

Страница 91: ...ddress Subnet Mask Enter the subnet mask Gateway IP Address Enter the gateway IP address Default MAC Address Click this radio button to use default MAC address for the router Specify a MAC Address Some Cable service providers specify a specific MAC address for access authentication In such cases you need to click the Specify a MAC Address and enter the MAC address in the MAC Address field DNS Serv...

Страница 92: ...e Specify Gateway IP Address Specify the gateway IP address for DHCP server ISP Access Setup Username Enter the username provided by ISP in this field The maximum length of the user name you can set is 63 characters Password Enter the password provided by ISP in this field The maximum length of the password you can set is 62 characters Index 1 15 in Schedule Setup You can Enter four sets of time s...

Страница 93: ...Assignment Method IPCP WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using Fixed IP Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the sam...

Страница 94: ... In addition PCs under LAN also can have the public IPv6 address for Internet access by means of the generated prefix No need to type any other information for PPP mode Available settings are explained as follows Item Description WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose NS Detect Always On or Ping Detect ...

Страница 95: ... protocol client TSPC is an application which could help you to connect to IPv6 network easily Please make sure your IPv4 WAN connection is OK and apply one free account from hexago http gogonet gogo6 com page freenet6 account before you try to use TSPC for network connection TSPC would connect to tunnel broker and requests a tunnel according to the specifications inside the configuration file It ...

Страница 96: ...r Enter the address for the tunnel broker IP FQDN or an optional port number WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose NS Detect Always On or Ping Detect for the system to execute for WAN detection Always On means no detection will be executed The network connection will be on always Ping IP Hostname If yo...

Страница 97: ...you can set is 19 characters Tunnel Broker It means a server of AICCU The server can provide IPv6 tunnels to sites or end users over IPv4 Enter the address for the tunnel broker IP FQDN or an optional port number Tunnel ID One user account may have several tunnels And each tunnel shall have one specified tunnel ID e g T115394 Enter the ID offered by Tunnel Broker Subnet Prefix Enter the subnet pre...

Страница 98: ...nnection Detection Such function allows you to verify whether network connection is alive or not through NS Detect or Ping Detect Mode Choose Always On Ping Detect or NS Detect for the system to execute for WAN detection With NS Detect mode the system will check if network connection is established or not like IPv4 ARP Detect Always On means no detection will be executed The network connection wil...

Страница 99: ...or prefix length Add Click it to add a new entry Update Click it to modify an existed entry Delete Click it to remove an existed entry Current IPv6 Address Table Display current interface IPv6 address Static IPv6 Gateway Configuration IPv6 Gateway Address Type your IPv6 gateway address here WAN Connection Detection Such function allows you to verify whether network connection is alive or not throu...

Страница 100: ...of 2002 0 16 So you can use a fixed endpoint rather than anycast endpoint The mode has more reliability Available settings are explained as follows Item Description Remote Endpoint IPv4 Address Enter the static IPv4 address for the remote server 6in4 IPv6 Address Enter the static IPv6 address for IPv4 tunnel with the value for prefix length LAN Routed Prefix Enter the static IPv6 address for LAN r...

Страница 101: ...ing TTL Time to Live If you choose Ping Detect as detection mode you have to type TTL value After finished the above settings click OK to save the settings Below shows an example for successful IPv6 connection based on 6in4 Static Tunnel mode ...

Страница 102: ... may be any value between 0 and 32 6rd Prefix Enter the 6rd IPv6 address 6rd Prefix Length Enter the IPv6 prefix length for the 6rd IPv6 prefix in number of bits WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose NS Detect Always On or Ping Detect for the system to execute for WAN detection Always On means no detec...

Страница 103: ...Vigor2620 Series User s Guide 91 ...

Страница 104: ...nnel Available settings are explained as follows Item Description Channel Display the number of each channel Channels 1 and 2 are used by the Internet Access web user interface and can not be configured here Channels 5 7 are configurable Enable Display whether the settings in this channel are enabled Yes or not No WAN Type Displays the physical medium that the channel will use VLAN Tag Displays th...

Страница 105: ...s follows Item Description Enable Channel 4 5 6 Enable Select to enable this channel Disable Select to disable this channel General Settings VLAN Tag Enter the value as the VLAN ID number Valid settings are in the range from 1 to 4095 The network traffic flowing on each channel will be identified by the system via their VLAN Tags Channels using the same WAN type may not configure the same VLAN tag...

Страница 106: ...P If you choose Ping Detect as detection mode you have to type Primary or Secondary IP address in this field for pinging Ping Gateway IP If you choose Ping Detect as detection mode you also can enable this setting to use current WAN gateway IP address for pinging With the IP address es pinging Vigor router can check if the WAN connection is on or off TTL Time to Live Set TTL value of PING operatio...

Страница 107: ...ormation from a DHCP server Router Name Sets the value of DHCP Option 12 which is used by some ISPs Domain Name Sets the value of DHCP Option 15 which is used by some ISPs Specify an IP address Select this option to manually enter the IP address IP Address Type in the IP address Subnet Mask Type in the subnet mask Gateway IP Address Type in gateway IP address DNS Server IP Address Type in the prim...

Страница 108: ...ell Rate The default setting is 0 SCR It represents Sustainable Cell Rate The value of SCR must be smaller than PCR MBS It represents Maximum Burst Size The range of the value is 10 to 50 PVC to PVC Binding It allows the enabled PVC channel to use the same ADSL connection settings of another PVC channel Please choose the PVC channel via the drop down list After finished the above settings click OK...

Страница 109: ...g to demonstrate how to implement an IPv6 address on Vigor Router s WAN 1 Before configuring IPv6 on WAN please make sure the router is connected to the IPv4 Internet 2 Go to WAN Internet Access click on IPv6 of the WAN interface that you would like to configure an IPv6 address 3 Select a Connection Type from the drop down list enter the required parameters Then click OK and reboot the router to a...

Страница 110: ...ck the status from the IPv6 tab on Online Status Physical Connection page 5 Furthermore Network Administrator may test the connectivity of IPv6 from the router by going to Diagnostics Ping Diagnosis and selecting IPv6 Below we will provide some examples of configuring IPv6 with different connection types ...

Страница 111: ...u un nn ne el l S Se et tu up p P Pr ro ot to oc co ol l C Cl li ie en nt t In this mode the IPv6 connectivity is provided by a tunnel broker on the IPv4 Internet through a tunnel set up by Tunnel Setup Protocol TSP To use TSPC you ll need to sign up for a tunnel broker service and get a username and password first then configure the router as follows 1 Set Connection Type to TSPC 2 Enter the User...

Страница 112: ... for you you may configure that IPv6 address for WAN by doing the following steps 1 Set Connection Type to Static IPv6 2 Enter the IPv6 address and Prefix Length which provided by the ISP and click Add 3 You should see the IPv6 address in Current IPv6 Address Table Then specify the IP address of IPv6 Gateway ...

Страница 113: ...ed manually To use 6in4 Static Tunnel you need sign up for a tunnel broker service and get an IPv6 address and routed IPv6 prefixes first Then configure the router as follows 1 Set Connection Type to 6in4 Static Tunnel 2 Enter the tunnel server s IPv4 address in Remote Endpoint IPv4 Address 3 Enter the router s IPv6 address in 6in4 IPv6 Address 4 Enter the routed IPv6 prefix in LAN Routed Prefix ...

Страница 114: ... the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address to each local host See the following diagram for a briefly understanding In some special case you may have a public IP subnet from your ISP such as 220 135 240 0 24 This means that you can set up a pu...

Страница 115: ... St ta at ti ic c R Ro ou ut te e When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other method You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP W Wh ha at t a ar re e V Vi ir rt tu ua al l L LA AN Ns s a an nd d R Ra at te e C Co on...

Страница 116: ...ls that can be configured to restrict traffic coming in and going out of the computer VLANs on the other hand are usually set up using network switches or routers To communicate with the hosts outside of the LAN LAN clients have to go through a network gateway which in most cases is a router that sits between the LAN and the ISP network which is the WAN The router acts as a director to ensure traf...

Страница 117: ... IPv6 Click it to access into the settings page of IPv6 DHCP Server Option DHCP packets can be processed by adding option number and data information when such function is enabled For detailed information refer to later section Force router to use DNS server IP address Force Vigor router to use DNS servers configured in LAN1 LAN2 instead of DNS servers given by the Internet Access server PPPoE PPT...

Страница 118: ...nts allowed on the subnet Default 255 255 255 0 24 RIP Protocol Control Enable When Enabled the router will attempt to exchange routing information with neighbouring routers using the Routing Information Protocol DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatches related IP s...

Страница 119: ...ests every minute when the available DHCP IP addresses are less than 30 Clear DHCP lease when the client is not responding ARP replies Enable Relay Agent When selected all DHCP requests are forwarded to a DHCP server outside of the LAN subnet and whose address is specified in the DHCP Server IP Address field DHCP Server IP Address It is available when Enable Relay Agent is checked Set the IP addre...

Страница 120: ...k it is important to exclude the static IP addresses from the DHCP IP pool For example if your LAN uses the 192 168 1 x subnet and you have 20 DHCP clients and 20 static IP clients you could configure 192 168 1 10 as the Start IP Address 50 as the IP Pool Counts enough for the current number of DHCP clients plus room for future expansion and use addresses greater than 192 168 1 100 for static assi...

Страница 121: ... lease for inactive clients periodically If selected the router sends ARP requests recycles IP addresses previously assigned to inactive DHCP clients to prevent exhaustion of the IP address pool Note When Clear DHCP lease for inactive clients periodically is enabled router will do the following Check activities of DHCP clients by ARP requests every minute when the available DHCP IP addresses are l...

Страница 122: ...click OK to save and exit this page I II I 3 3 1 1 3 3 D De et ta ai il ls s P Pa ag ge e f fo or r I IP P R Ro ou ut te ed d S Su ub bn ne et t Available settings are explained as follows Item Description Network Configuration Enable Disable Click Enable to enable such configuration click Disable to disable such configuration For Routing Usage IP Address This is the IP address of the router Defau...

Страница 123: ...unts or 253 minus the last octet of the Start IP Address whichever is smaller Lease Time The maximum duration DHCP issued IP addresses can be used before they have to be renewed Use LAN Port Specify an IP for IP Route Subnet If it is enabled DHCP server will assign IP address automatically for the clients coming from P1 and or P2 Please check the box of P1 and P2 Use MAC Address Check such box to ...

Страница 124: ...iled information Below shows the settings page for IPv6 It provides 2 daemons for LAN side IPv6 address configuration One is SLAAC stateless and the other is DHCPv6 Stateful server Available settings are explained as follows Item Description Enable IPv6 Check the box to enable the configuration of LAN 1 IPv6 Setup WAN Primary Interface Use the drop down list to specify a WAN interface for IPv6 Sta...

Страница 125: ... or not Primary DNS Sever Enter the IPv6 address for Primary DNS server Secondary DNS Server Type another IPv6 address for DNS server if required Disable DNS server will not be used Management Configures the Managed Address Configuration flag M bit in Route Advertisements Off No configuration information is sent using Route Advertisements SLAAC stateless M bit is unset DHCPv6 stateful M bit is set...

Страница 126: ...settings for DHCPv6 server Advance setting The Advanced Settings page has additional settings for Router Advertisement and enabling multiple WANs for IPv6 traffic Router Advertisement Configuration Click Enable to enable router advertisement server The router advertisement daemon sends Router Advertisement messages specified by RFC 2461 to a local Ethernet LAN periodically and when requested by a ...

Страница 127: ...Extension WAN In addition to the default WAN used for IPv6 traffic specified in the WAN Primary Interface in the LAN IPv6 Setup page additional WANs can be selected to carry IPv6 traffic by enabling them in the Extension WAN section Available WAN Additional WANs available but not currently selected to carry IPv6 traffic Selected WAN Additional WANs selected to carry IPv6 traffic After making chang...

Страница 128: ...f Example 2f70617468 Address List One or more IPv4 addresses delimited by commas Data Data of this DHCP option To add a DHCP option entry from scratch clear the data entry fields Enable Interface Option Number DataType and Data by clicking Reset After filling in the values click Add to create the new entry To add a DHCP option entry modeled after an existing entry click the model entry in Customiz...

Страница 129: ...ies for LAN side QoS You can assign each of VLANs to each of the different IP subnets that the router may also be operating to provide even more isolation The said functionality is tag based multi subnet P Po or rt t B Ba as se ed d V VL LA AN N Relative to tag based VLAN which groups clients with an identifier port based VLAN uses physical ports P1 P2 to separate the clients into different VLAN g...

Страница 130: ...Enter the tag value and specify the priority for the packets sending by LAN VID Enter the value as the VLAN ID number The range is form 0 to 4095 VIDs must be unique Priority Valid values are from 0 to 7 where 1 has the lowest priority followed by 0 and finally from 2 to 7 in increasing order of priority Info Leave one VLAN untagged at least to prevent from not connecting to Vigor router due to un...

Страница 131: ...s but keeping their local traffic completely separated C Co on nf fi ig gu ur ri in ng g p po or rt t b ba as se ed d V VL LA AN N f fo or r w wi ir re el le es ss s a an nd d n no on n w wi ir re el le es ss s c cl li ie en nt ts s 1 All the wire network clients are categorized to group VLAN0 in subnet 192 168 1 0 24 LAN1 2 All the wireless network clients are categorized to group VLAN1 in subnet...

Страница 132: ...ations refer to Appendix I VLAN Application on Vigor Router for more detailed information I II I 3 3 3 3 B Bi in nd d I IP P t to o M MA AC C This function is used to bind the IP and MAC address in LAN to have a strengthening control in network With the Bind IP to MAC feature you can reserve LAN IP addresses for LAN clients Each reserved IP address is associated with a Media Access Control MAC add...

Страница 133: ...d as follows Item Description Enable Click this radio button to invoke this function However IP MAC which is not listed in IP Bind List also can connect to Internet Disable Click this radio button to disable this function All the settings on this page will be invalid ...

Страница 134: ...ow Select All Select all entries in the ARP Table for manipulation Sort Reorder the entry based on the IP address Refresh Refresh the ARP table listed below to obtain the newest ARP table information Add Update to IP Bind List IP Address Enter the IP address to be associated with a MAC address Mac Address Enter the MAC address of the LAN client s network interface Comment Type a brief description ...

Страница 135: ... select Strict Bind you have to bind one set of IP MAC address for one PC If not no one of the PCs can access into Internet And the web user interface of the router might not be accessed When you finish the configuration click OK to save the settings ...

Страница 136: ...lic IP address and the router will do the inversion based on its table Therefore the internal host can communicate with external host smoothly The benefit of the NAT includes Save cost on applying public IP address and apply efficient usage of IP address NAT allows the internal IP addresses of local hosts to be translated into one public IP address thus you can have only one IP address on behalf o...

Страница 137: ...ess domain name are recognized by all users Since the server is actually located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping private IP address port of the server The port redirection can only apply to inco...

Страница 138: ...terface Display the WAN IP address used by the profile Protocol Display the transport layer protocol TCP or UDP Public Port Display the port number which will be redirected to the specified Private IP and Port of the internal host Source IP Display the source IP address or object Private IP Display the IP address of the internal host providing the service Press any number under Index to access int...

Страница 139: ...All which means all the incoming data from any port will be redirected to all intefaces Public Port Specify which port can be redirected to the specified Private IP and Port of the internal host If you choose Range as the port redirection mode you will see two boxes on this field Enter the required number on the first box as the starting port and the second box as the ending port Source IP Use the...

Страница 140: ...example the built in web user interface in the router is with default port 80 which may conflict with the web server in the local network http 192 168 1 13 80 Therefore you need to change the router s http port to any one other than the default port 80 to avoid conflict such as 8080 This can be set in the System Maintenance Management Setup You then will access the admin screen of by suffixing the...

Страница 141: ...ngle host in the LAN Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually helps some special applications such as Netmeeting or Internet Games etc The security properties of NAT are somewhat bypassed if you set up DMZ host We sugg...

Страница 142: ...osts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the following screen Click OK to save the setting If you previously have set up WAN Alias for PPPoE or Static or Dynamic IP mode in WAN interface you will find them in Aux WAN IP for your selection Available settings are e...

Страница 143: ...ts of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the screen Click OK to save the setting After finishing all the settings here please click OK to save the configuration ...

Страница 144: ...want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network service WAN Interface Display the WAN interface used by such index Aux WAN IP Display the IP alias setting used by such index If no IP alias setting exists such field will not appear Source IP Display the name of source IP obj...

Страница 145: ...Enter the private IP address of the local host or click Choose IP to select one Choose IP Click this button and subsequently a window having a list of private IP addresses of local hosts will automatically pop up Select the appropriate IP address of the local host in the list Protocol Specify the transport layer protocol It could be TCP UDP or none for selection Start Port Specify the starting por...

Страница 146: ...iation Protocol ALG for processing the packets of voice and video RTSP ALG makes RTSP message RTCP message and RTP packets of voice and video be transmitted and received correctly via NAT by Vigor router However SIP ALG makes SIP message and RTP packets of voice be transmitted and received correctly via NAT by Vigor router Available settings are explained as follows Item Description Enable ALG Che...

Страница 147: ...s User s Guide 135 TCP Check the box to make correspond protocol message packet from TCP transmit and receive via NAT UDP Check the box to make correspond protocol message packet from UDP transmit and receive via NAT ...

Страница 148: ... le e The Vigor router has a built in clock which can update itself manually or automatically by means of Network Time Protocols NTP As a result you can not only schedule the router to dialup to the Internet at a specified time but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours say business hours The schedule is also applicable to...

Страница 149: ...d password test 2 Open Applications Dynamic DNS 3 In the DDNS setup menu check Enable Dynamic DNS Setup Available settings are explained as follows Item Description Enable Dynamic DNS Setup Check this box to enable DDNS function Set to Factory Default Clear all profiles and recover to factory settings View Log Display DDNS log status Force Update Force the router updates its information to DDNS se...

Страница 150: ...k Enable Dynamic DNS Account and choose correct Service Provider dyndns org Enter the registered hostname hostname and domain name suffix dyndns org in the Domain Name block The following two blocks should be typed your account Login Name test and Password test If User Defined is specified as the service provider the web page will be changed slightly as follows Available settings are explained as ...

Страница 151: ...to be specified Note that such option is available when Customized is selected as Service Provider Server Response Type any text that you want to receive from the DDNS server Note that such option is available when Customized is selected as Service Provider Login Name Enter the login name that you set for applying domain Password Enter the password that you set for applying domain Wildcard The Wil...

Страница 152: ... time before set schedule In System Maintenance Time and Date menu press Inquire Time button to set the Vigor router s clock to current time of your PC The clock will reset once if you power down or reset the router There is another way to set up time You can inquiry an NTP server a time server on the Internet to synchronize the router s clock This method can only be applied when the WAN connectio...

Страница 153: ...dule Action Specify which action Call Schedule should apply during the period of the schedule Force On Force the connection to be always on Force Down Force the connection to be always down Enable Dial On Demand Specify the connection to be dial on demand and the value of idle timeout should be specified in Idle Timeout field Disable Dial On Demand Specify the connection to be up when it has traff...

Страница 154: ...fined on the Start Date 3 Click OK button to save the settings Example Suppose you want to control the PPPoE Internet access connection to be always on Force On from 9 00 to 18 00 for whole week Other time the Internet access connection should be disconnected Force Down Office Hour Force On Mon Sun 9 00 am to 6 00 pm 1 Make sure the PPPoE connection and Time Setup is working properly 2 Configure t...

Страница 155: ...ADIUS client Therefore this page is used to configure settings for external RADIUS server Then LAN user of Vigor router will be authenticated by such server for network application Available settings are explained as follows Item Description Enable Check to enable RADIUS client feature Server IP Address Hostname Enter the IP address hostname of RADIUS server Destination Port The UDP port number th...

Страница 156: ...ly you can enable either the Connection Control Service or Connection Status Service The reminder as regards concern about Firewall and UPnP Can t work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly This is because these applications will block the accessing ability of some network ports Security Considerations Activating the UPnP ...

Страница 157: ...V service you subscribe General Query Interval Vigor router will periodically check which IP obtaining IPTV service by sending query It might cause inconvenience for client Therefore set a suitable time unit second as the query interval to limit the frequency of query sent by Vigor router Add PPP header Check this box if the interface type for IGMP is PPPoE It depends on the specifications regulat...

Страница 158: ...n ng g G Gr ro ou up p Available settings are explained as follows Item Description Refresh Click this link to renew the working multicast group status Group ID This field displays the ID port for the multicast group The available range for IGMP starts from 224 0 0 0 to 239 255 255 254 P1 to P2 It indicates the LAN port used for the multicast group ...

Страница 159: ...l be sent Available settings are explained as follows Item Description Enable Check the box to enable such profile SMS Provider Use the drop down list to choose SMS service provider You can click SMS Provider link to define the SMS server Recipient Number Enter the phone number of the one who will receive the SMS Notify Profile Use the drop down list to choose a message profile The recipient will ...

Страница 160: ...er is not on the list Now DrayTek starts to support our own DDNS service DrayDDNS We will provide a domain name for each Vigor Router this single domain name can record IP addresses of all WAN A Ac ct ti iv va at te e D Dr ra ay yD DD DN NS S L Li ic ce en ns se e 1 Go to Wizards Service Activation Wizard wait for the router to connect to MyVigor server then tick DT DDNS and I have read and accept...

Страница 161: ...r ro of fi il le e 1 Go to Applications Dynamic DNS Setup a Tick Enable Dynamic DNS Setup b Click an available profile index c Tick Enable Dynamic DNS Account d Select DrayTek Global www drayddns com as Service Provider e Select the WAN you would like to upload the IP to DDNS server f Click Get domain g Click OK on the pop up notification window ...

Страница 162: ... om ma ai in n N Na am me e Currently only the domain name is allowed to be modified MyVigor website We will need to register the router to MyVigor server and log in to MyVigor website to modify it 1 Please visit https myvigor draytek com or go to Applications Dynamic DNS Setup DrayDDNS profile and click Edit domain 2 Log in to MyVigor Website choose the profile then click Edit DDNS settings ...

Страница 163: ...ame e g XXXX25 and click Update 4 Vigor router will get the modified domain name when the it performs next DDNS updating We can click Sync domain to accelerate this process After few seconds the router will get the new domain name and print it on the profiles list ...

Страница 164: ...Vigor2620 Series User s Guide 152 ...

Страница 165: ...ters to update your IP to the DDNS server We will take Changeip org and 3322 net as example Before setting please make sure that the WAN connection is up P Pa ar rt t A A C Ch ha an ng ge ei ip p o or rg g Note that Username jo Password jo Host name j changeip org WAN IP address 1 169 185 242 Following is the screenshot of editing the HTML script on the browser to update your IP to the DDNS server...

Страница 166: ...as dynamic dns update asp u jo p jo hostname j changeip org ip IP cmd update offline 0 In which IP is a value which will be replaced with the current interface IP address automatically when DDNS service is running In this case the IP will be 1 169 185 242 4 After setting the Customized DDNS service will be up and our IP will be updated to the DDNS server P Pa ar rt t B B 3 33 32 22 2 n ne et t Use...

Страница 167: ... job for us automatically 1 Please go to Applications Dynamic DNS to create a profile for User Defined DDNS client 2 Set the Service Provider as User Defined 3 Set the Provider Host as member 3322 net 4 Set the Service API as dyndns update hostname yourhost 3322 org myip IP wildcard OFF mx mail exchanger ext backmx NO offline NO 5 Enter your account and password 6 After the setting the Customized ...

Страница 168: ...Vigor2620 Series User s Guide 156 P Pa ar rt t C C E Ex xt te en nd d N No ot te e The customized Service Provider is also eligible with the ClouDNS net ...

Страница 169: ...nterface WAN LAN VPN the data can be sent from the source IP to the destination IP Address Mapping Allows you specify the outgoing WAN IP address es for an internal private IP address or a range of internal private IP addresses Priority The router will determine which policy will be adopted for transmitting the packet according to the priority of Static Route and Route Policy Failover to Failback ...

Страница 170: ... IPv4 and IPv6 for you to configure the static route Both protocols bring different web pages S St ta at ti ic c R Ro ou ut te e f fo or r I IP Pv v4 4 Available settings are explained as follows Item Description Set to Factory Default Clear all of the settings and return to factory default settings Viewing Routing Table Displays the routing table for your reference Index The number 1 to 30 under ...

Страница 171: ...ernal Router B 192 168 1 3 have set Main Router 192 168 1 1 as the default gateway for the Router A 192 168 1 2 Before setting Static Route user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router 1 Go to LAN page and click General Setup select 1st Subnet as the RIP Protocol Control Then click the OK button Info There are two reasons that we ...

Страница 172: ...ble Click it to enable this profile Destination IP Address Type an IP address as the destination of such static route Subnet Mask Enter the subnet mask for such static route Gateway IP Address Enter the IP address of the gateway Network Interface Use the drop down list to specify an interface for such static route 3 Return to Static Route Setup page Click on another Index Number to add another sta...

Страница 173: ...tings are explained as follows Item Description Set to Factory Default Clear all of the settings and return to factory default settings Viewing IPv6 Routing Table Displays the routing table for your reference Index The number 1 to 40 under Index allows you to open next page to set up static route Enable Check the box to enable such static route Destination Address Displays the destination address ...

Страница 174: ...profile Destination IPv6 Address Prefix Len Enter the IP address with the prefix length for this entry Gateway IPv6 Address Enter the gateway address for this entry Network Interface Use the drop down list to specify an interface for this static route When you finish the configuration please click OK to save and exit this page ...

Страница 175: ...ser s Guide 163 P Pa ar rt t I II II I W Wi ir re el le es ss s L LA AN N Wireless LAN enables high mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well as Internet access ...

Страница 176: ...rotocol To boost its performance further the Vigor Router is also loaded with advanced wireless technology to lift up data rate up to 300 Mbps Hence you can finally smoothly enjoy stream music and video Vigor2620 wireless router is a highly integrated wireless local area network WLAN for 5 GHz 802 11ac or 2 4 5 GHz 802 11n WLAN applications It supports channel operations of 20 40 MHz at 2 4 GHz an...

Страница 177: ...ies Temporal Key Integrity Protocol TKIP for data encryption while WPA2 applies AES The WPA Enterprise combines not only encryption but also authentication Since WEP has been proved vulnerable you may consider using WPA for the most secure connection You should select the appropriate security mechanism according to your needs No matter which security suite you select they all will enhance the over...

Страница 178: ...or router with the encryption of WPA and WPA2 Info WPS is available for the wireless station with WPS supported It is the simplest way to build connection between wireless network clients and vigor router Users do not need to select any encryption mode and type any long encryption passphrase to setup a wireless client every time He she only needs to press a button on wireless client and WPS will c...

Страница 179: ...art PBC button of network card If you want to use PIN code you have to know the PIN code specified in wireless client Then provide the PIN code of the wireless client you wish to connect to the vigor router For WPS is supported in WPA PSK or WPA2 PSK mode if you do not choose such mode in Wireless LAN Security you will see the following message box Please click OK and go back Wireless LAN Security...

Страница 180: ...reen of wireless wizard will be shown as follows This page will be used for internal users in a company or your home Besides the settings will change based on different model of Vigor2620 series In this case Vigor2620Ln is used as an example Available settings are explained as follows Item Description Name Enter the SSID name of this router for wireless connection The default name is defined with ...

Страница 181: ...r 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by 0x such as 0x321253abcde Next Click it to get into the next setting page Cancel Exit the wireless wizard without saving any changes 3 After typing the required information click Next The settings in the page limit the wireless station guest accessing into Internet but not being allowed to share the LAN network and VPN co...

Страница 182: ...rol Check the box to enable the rate control function Upload Download Enter the values as the limits for data upload and data download Next Click it to get into the next setting page Cancel Exit the wireless wizard without saving any changes 4 After typing the required information click Next 5 The following page will display the configuration summary for wireless setting 6 Click Finish to complete...

Страница 183: ...Description Enable Wireless LAN Check the box to enable wireless function Mode For 2 4GHz At present the router can connect to 11b Only 11g Only 11n Only 2 4 GHz Mixed 11b 11g Mixed 11g 11n and Mixed 11b 11g 11n stations simultaneously Simply choose Mixed 11b 11g 11n mode Channel Means the channel of frequency of the wireless LAN The default channel is 6 You may switch channel if the selected chan...

Страница 184: ...s stations with the same SSID not accessing for each other VPN Check this box to make the wireless clients stations with different VPN not accessing for each other Rate Control Enable Check the box to set the rate limit for data transmission in upload and download It controls the data transmission rate through wireless connection Upload Check Enable and enter the transmitting rate for data upload ...

Страница 185: ...voke it The password PSK of default security mode is provided and stated on the label pasted on the bottom of the router For the wireless client who wants to access into Internet through such router please input the default PSK value for connection By clicking the Wireless LAN Security Settings a new web page will appear so that you could configure the settings of WPA and WEP Available settings ar...

Страница 186: ...S server with 802 1X protocol WPA PSK Accepts only WPA clients and the encryption key should be entered in PSK WPA2 PSK Accepts only WPA2 clients and the encryption key should be entered in PSK Mixed WPA WPA2 PSK Accepts WPA and WPA2 clients simultaneously and the encryption key should be entered in PSK WPA The WPA encrypts each frame transmitted from the radio using the key which either PSK Pre S...

Страница 187: ...I 1 1 4 4 A Ac cc ce es ss s C Co on nt tr ro ol l In the Access Control the router may restrict wireless access to certain wireless clients only by locking their MAC address into a black or white list The user may block wireless clients by inserting their MAC addresses into a black list or only let them be able to connect by inserting their MAC addresses into a white list In the Access Control we...

Страница 188: ...reless client of the MAC address from LAN Comment Enter a brief description for the specified client s MAC address Add Add a new MAC address into the list Delete Delete the selected MAC address in the list Edit Edit the selected MAC address in the list Cancel Give up the access control set up OK Click it to save the access control list Clear All Clean all entries in the MAC address list Backup Acc...

Страница 189: ...SK support WPS Configure via Push Button Click Start PBC to invoke Push Button style WPS setup procedure The router will wait for WPS requests from wireless clients about two minutes The WPS LED on the router will blink fast when WPS is in progress It will return to normal condition after two minutes You need to setup WPS within two minutes Configure via Client PinCode Please input the PIN code sp...

Страница 190: ...t access into Internet through the router AP with Bridge mode configured The packets received from a WDS link will only be forwarded to local wired or wireless hosts Repeater Extended Wireless stations clients within the effective range of wireless signal can access into Internet through the router AP Wireless stations clients out of the effective range of wireless signal can access into Internet ...

Страница 191: ...When Pre Shared Key is selected as Security above configure the following settings if required Type There are some types for you to choose WPA and WPA2 are used for WDS devices e g 2925n wireless router you can set the encryption mode as WPA or WPA2 to establish your WDS system between AP and the router Key Set the encryption key in this field Type 8 63 ASCII characters or 64 hexadecimal digits le...

Страница 192: ...ur peer MAC addresses are allowed to be entered in this page at one time Similarly if you want to invoke the peer MAC address remember to check Enable box in the front of the MAC address after typing Access Point Function Click Enable to make this router serve as an access point When Repeater is set as WDS Mode click Enable to use such function Click Disable if Bridge is set as WDS Mode Status It ...

Страница 193: ...gor router will use 20MHz 40MHz 80MHz for data transmission and receiving between the AP and the stations 20 40 Vigor Router will scan for nearby wireless AP and then use 20MHz if the number of AP is more than 10 or use 40MHz if it s not Guard Interval It is to assure the safety of propagation delays and reflections for the sensitive digital data If you choose auto as guard interval the AP router ...

Страница 194: ...s for four access categories derived from 802 1d prioritization tabs The categories are designed with specific types of traffic voice video best effort and low priority data There are four accessing categories AC_BE AC_BK AC_VI and AC_VO for WMM To apply WMM parameters for wireless data transmission please click the Enable radio button APSD Capable APSD automatic power save delivery is an enhancem...

Страница 195: ... will detect scan the country code to prevent conflict occurred If conflict is detected wireless station will be warned and is unable to make network connection Therefore changing the country code to ensure successful network connection will be necessary for some clients After finishing all the settings here please click OK to save the configuration ...

Страница 196: ...istence of the APs on the wireless LAN Yet only the AP which is in the same channel of this router can be found Please click Scan to discover all the connected APs Available settings are explained as follows Item Description Scan It is used to discover all the connected AP The results will be shown on the box above this button Statistics It displays the statistics for the channels used by APs Add ...

Страница 197: ... with its status code There is a code summary below for explanation For convenient Access Control you can select a WLAN station and click Add to Access Control below Available settings are explained as follows Item Description Refresh Click this button to refresh the status of station list Add Click this button to add current typed MAC address into Access Control ...

Страница 198: ...Vigor2620 Series User s Guide 186 This page is left blank ...

Страница 199: ... a manner that emulates the properties of a point to point private link It is a form of VPN that can be used with a standard Web browser A digital certificate works as an electronic ID which is issued by a certification authority CA It contains information such as your name a serial number expiration dates etc and the digital signature of the certificate issuing authority so that a recipient can v...

Страница 200: ...tween home office and customer Secure connection between Teleworker staff on business trip and main office Exchange data between remote office and main office POS between chain store and headquarters S Si it te e t to o S Si it te e L LA AN N t to o L LA AN N A connection between two router s LAN networks Allows employees in branch offices and head office to share the same network resources R Re e...

Страница 201: ...for VPN dial out connection from server to client step by step 1 Open Wizards VPN Client Wizard The following page will appear Available settings are explained as follows Item Description LAN to LAN Client Mode Selection Choose the client mode Route Mode NAT Mode If the remote network only allows you to dial in with single IP please choose NAT mode otherwise please choose Route Mode Please choose ...

Страница 202: ...pes provided here Different type will lead to different configuration page After making the choices for the client profile please click Next You will see different configurations based on the selection s you made Info The following descriptions for VPN Type are based on the Route Mode specified in LAN to LAN Client Mode Selection When you choose PPTP None Encryption or PPTP Encryption you will see...

Страница 203: ...Vigor2620 Series User s Guide 191 When you choose IPsec you will see the following graphic When you choose SSL you will see the following graphic ...

Страница 204: ...en you choose L2TP over IPsec Nice to Have or L2TP over IPsec Must you will see the following graphic Available settings are explained as follows Item Description Profile Name Type a name for such profile The length of the file is limited ...

Страница 205: ...ns data will be authenticated but not be encrypted By default this option is active High Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES User Name This field is used to authenticate for connection when you select PPTP or L2TP with or without IPsec policy above The...

Страница 206: ...utton to access VPN and Remote Access Connection Management for viewing VPN Connection status Do another VPN Server Wizard Setup Click this radio button to set another profile of VPN Server through VPN Server Wizard View more detailed configuration Click this radio button to access VPN and Remote Access LAN to LAN for viewing detailed configuration ...

Страница 207: ...o Site VPN Remote Dial in User You can manage remote access by maintaining a table of remote user profile so that users can be authenticated to dial in via VPN connection Please choose a LAN to LAN Profile This item is available when you choose Site to Site VPN LAN to LAN as VPN server mode There are 32 VPN profiles for users to set Please choose a Dial in User Accounts This item is available when...

Страница 208: ... in User selected 2 After making the choices for the server profile please click Next You will see different configurations based on the selection you made Here we take the examples of choosing Site to Site VPN as the VPN Server Mode When you check PPTP SSL you will see the following graphic When you check PPTP IPsec L2TP three types or PPTP IPsec two types or L2TP with Policy Nice to Have Must yo...

Страница 209: ... are explained as follows Item Description Profile Name Type a name for such profile The length of the file is limited to 10 characters User Name This field is used to authenticate for connection when you select PPTP or L2TP with or without IPsec policy above The length of the name is limited to 11 characters ...

Страница 210: ...ent IP Enter the WAN IP address or VPN client IP address for the remote client Peer ID Enter the ID name for the remote client The length of the name is limited to 47 characters Remote Network IP Please type one LAN IP address according to the real location of the remote host for building VPN connection Remote Network Mask Please Enter the network mask according to the real location of the remote ...

Страница 211: ...on Click this radio button to access VPN and Remote Access LAN to LAN for viewing detailed configuration I IV V 1 1 3 3 R Re em mo ot te e A Ac cc ce es ss s C Co on nt tr ro ol l Enable the necessary VPN service as you need If you intend to run a VPN server inside your LAN you should disable the VPN service of Vigor Router to allow VPN tunnel pass through as well as the appropriate NAT settings s...

Страница 212: ...If the remote dial in user does not support the MPPE encryption algorithm the router will transmit no MPPE encrypted packets Otherwise the MPPE encryption scheme will be used to encrypt the data Require MPPE 40 128bits Selecting this option will force the router to encrypt packets by using the MPPE encryption algorithm In addition the remote dial in user will use 40 bit to perform encryption prior...

Страница 213: ...d choose an IP address from the local private network For example if the local private network is 192 168 1 0 255 255 255 0 you could choose 192 168 1 200 as the Start IP Address You can configure up to four start IP addresses for LAN1 LAN4 PPP Authentication Methods Select the method s to be used for authentication in PPP connection While using Radius Authentication If PPP connection will be auth...

Страница 214: ...ransport mode will add the AH ESP payload and use original IP header to encapsulate the data payload only It can just apply to local packet e g L2TP over IPsec The Tunnel mode will not only add the AH ESP payload but also use a new IP header Tunneled IP header to encapsulate the whole original IP packet Authentication Header AH provides data authentication and integrity for IP packets passed betwe...

Страница 215: ...sec XAuth authentication Pre Shared Key Specify a key for IKE authentication Confirm Pre Shared Key Retype the characters to confirm the pre shared key Note Any packets from the remote dial in user which does not match the rule defined in VPN and Remote Access Remote Dial In User will be applied with the method specified here IPsec Security Method Medium Authentication Header AH means data will be...

Страница 216: ... certificates for peer dial in users Available settings are explained as follows Item Description Set to Factory Default Click it to clear all indexes Index Click the number below Index to access into the setting page of IPsec Peer Identity Name Display the profile name of that index Click each index to edit one peer digital certificate There are three security levels of digital signature authenti...

Страница 217: ...e Click to check one specific field of digital signature to accept the peer with matching value The field can be IP Address Domain or E mail The box under the Type will appear according to the type you select and ask you to fill in corresponding setting Accept Subject Name Click to check the specific fields of digital signature to accept the peer with matching value The field includes Country C St...

Страница 218: ...rresponding security methods etc The router provides multiple access accounts for dial in users Besides you can extend the user accounts to the RADIUS server through the built in RADIUS client function The following figure shows the summary table Available settings are explained as follows Item Description Set to Factory Default Click to clear all indexes Index Click the number below Index to acce...

Страница 219: ...ollows Item Description User account and Authentication Enable this account Check the box to enable this function Idle Timeout If the dial in user is idle over the limitation of the timer the router will drop this connection By default the Idle Timeout is set to 300 seconds Allowed Dial In Type PPTP Allow the remote dial in user to make a PPTP VPN connection through the Internet You should set the...

Страница 220: ...side the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through the router Block This is default setting Click this button to let multicast packets be blocked by the router User Name This field is applicable when you select PPTP or L2TP with or without IPsec policy above The length of the name is limited t...

Страница 221: ...pted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES Local ID Optional Specify a local ID to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can be used only in IKE aggressive mode After finishing all the settings here please click OK to save the configuration I IV V 1 1 8 8 L LA AN N t to o L LA ...

Страница 222: ...ps If the fields gray out it means you may leave it untouched The following explanations will guide you to fill all the necessary fields Available settings are explained as follows Item Description Common Settings Profile Name Specify a name for the profile of the LAN to LAN connection Enable this profile Check here to activate this profile VPN Dial Out Through Use the drop down menu to choose a p...

Страница 223: ...on Idle Timeout The default value is 300 seconds If the connection has been idled over the value the router will drop the connection Enable PING to keep IPsec tunnel alive This function is to help the router to determine the status of IPsec VPN connection especially useful in the case of abnormal VPN IPsec tunnel disruption For details please refer to the note below Check to enable the transmissio...

Страница 224: ...APv2 is the most common selection due to compatibility VJ compression This field is applicable when you select PPTP or L2TP with or without IPsec policy above VJ Compression is used for TCP IP protocol header compression Normally set to On to improve bandwidth utilization IKE Authentication Method This group of fields is applicable for IPsec Tunnels and L2TP with IPsec Policy Pre Shared Key Input ...

Страница 225: ...e IPsec session However the Aggressive mode is faster The default value in Vigor router is Main mode IKE phase 1 proposal To propose the local available authentication schemes and encryption algorithms to the VPN peers and get its feedback to find a match Two combinations are available for Aggressive mode and nine for Main mode We suggest you select the combination that covers the most schemes IKE...

Страница 226: ...d as follows Item Description Dial In Settings Allowed Dial In Type Determine the dial in connection with different types PPTP Allow the remote dial in user to make a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below IPsec Tunnel Allow the remote dial in user to trigger an IPsec VPN connection through Internet L2TP with IPsec Policy All...

Страница 227: ...n you select PPTP or L2TP with or without IPsec policy above IKE Authentication Method This group of fields is applicable for IPsec Tunnels and L2TP with IPsec Policy when you specify the IP address of the remote node The only exception is Digital Signature X 509 can be set when you select IPsec tunnel either with or without specify the IP address of the remote node Pre Shared Key Check the box of...

Страница 228: ...ask through the VPN connection For IPsec this is the destination clients IDs of phase 2 quick mode Local Network IP Local Network Mask Display the local network IP and mask for TCP IP configuration You can modify the settings if required More Add a static route to direct all traffic destined to more Remote Network IP Addresses Remote Network Masks through the VPN connection This is usually used wh...

Страница 229: ...se 2 quick mode Translated Local Network This function is enabled in default Use the drop down list to specify a LAN port as the transferred direction Then specify an IP address Click Advanced to configure detailed settings if required Advanced Add a static route to direct all traffic destined to more Remote Network IP Addresses Remote Network Mask through the VPN connection This is usually used w...

Страница 230: ...Vigor2620 Series User s Guide 218 2 After finishing all the settings here please click OK to save the configuration ...

Страница 231: ...licking Drop button You may also aggressively Dial out by using Dial out Tool and clicking Dial button Available settings are explained as follows Item Description Dial out Tool This filed displays the profile configured in LAN to LAN with Index number and VPN Server IP address The VPN connection built by General Mode does not support VPN backup function Dial Click this button to execute dial out ...

Страница 232: ... network is a form of VPN that can be used with a standard Web browser There are two benefits that SSL VPN provides It is not necessary for users to preinstall VPN client software for executing SSL VPN connection There are less restrictions for the data encrypted through SSL VPN in comparing with traditional VPN ...

Страница 233: ...r It will not affect the HTTPS Port configuration set in System Maintenance Management In general the default setting is 443 Server Certificate When the client does not set any certificate default certificate will be used for HTTPS and SSL VPN server Choose any one of the user defined certificates from the drop down list if users set several certificates previously Otherwise choose Self signed to ...

Страница 234: ... guest network or web cafe The SSL technology is the same as the encryption that you use for secure web sites such as your online bank The SSL VPN can be operated in either full tunnel mode or proxy mode Now Vigor2620 series allows up to 16 simultaneous incoming users For SSL VPN identity authentication and power management are implemented through deploying user accounts Therefore the user account...

Страница 235: ... password is limited to 23 characters Password This field is applicable when you select PPTP or L2TP with or without IPsec policy above The length of the name password is limited to 19 characters Enable Mobile One Time Passwords mOTP Check this box to make the authentication with mOTP function PIN Code Enter the code for authentication e g 1234 Secret Use the 32 digit secret number generated by mO...

Страница 236: ...ntication methods and security methods in the general settings Netbios Naming Packet Pass Click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel Multic...

Страница 237: ...t not be encrypted By default this option is invoked You can uncheck it to disable it High ESP Encapsulating Security Payload means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES Local ID Specify a local ID to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can be u...

Страница 238: ...ey access into DrayTek SSL VPN portal interface Next users can open SSL VPN Online Status to view logging status of SSL VPN Available settings are explained as follows Item Description Active User Display current user who visits SSL VPN server Host IP Display the IP address for the host Time out Display the time remaining for logging out Action You can click Drop to drop certain login user from th...

Страница 239: ...igor router support digital certificates conforming to standard X 509 Any entity wants to utilize digital certificates should first request a certificate issued by a CA server It should also retrieve certificates of other trusted CA servers so it can authenticate the peer with certificates issued by those trusted CA servers Here you can manage generate and manage the local digital certificates and...

Страница 240: ...o import a saved file as the certification information Refresh Click this button to refresh the information listed below View Click this button to view the detailed settings for certificate request Delete Click this button to delete selected name with certification information G GE EN NE ER RA AT TE E Click this button to open Generate Certificate Signing Request window Enter all the information t...

Страница 241: ... T Vigor router allows you to generate a certificate request and submit it the CA server then import it as Local Certificate If you have already gotten a certificate from a third party you may import it directly The supported types are PKCS12 Certificate and Certificate with a private key Click this button to import a saved file as the certification information There are three types of local certi...

Страница 242: ...as OK Upload PKCS12 Certificate It allows users to import the certificate whose extensions are usually pfx or p12 And these certificates usually need passwords Note that PKCS12 is a standard for storing private keys and certificates securely It is used in among other things Netscape and Microsoft Internet Explorer with their import and export options Upload Certificate and Private Key It is useful...

Страница 243: ...ttings for certificate request Info You have to copy the certificate request information from above window Next access your CA server and enter the page of certificate request copy the information into it and submit a request A new certificate will be issued to you by the CA server You can save it D De el le et te e Click this button to remove the selected certificate ...

Страница 244: ...tificate from a trusted root certificate authority is complicated and time consuming Therefore Vigor router offers a mechanism which allows you to generate root CA to save time and provide convenience for general user Later such root CA generated by DrayTek server can perform the issuing of local certificate Info Root CA can be deleted but not edited If you want to modify the settings for a Root C...

Страница 245: ... the following window Use Browse to find out the saved text file Then click Import The one you imported will be listed on the Trusted CA Certificate window For viewing each trusted CA certificate click View to open the certificate detail information window If you want to delete a CA certificate choose the one and click Delete to remove all the certificate information ...

Страница 246: ...tificate for this router can be saved within one file Please click Backup on the following screen to save them If you want to set encryption password for these certificates please type characters in both fields of Encrypt password and Confirm password Also you can use Restore to retrieve these two settings to the router whenever you want ...

Страница 247: ...ty has been always the most concerned The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders It also restricts users in the local network from accessing the Internet CSM is an abbreviation of Central Security Management which is used to control IM P2P usage filter the web content and URL content to reach a goal of security management ...

Страница 248: ...es unsolicited incoming data Selectable Denial of Service DoS Distributed DoS DDoS attacks protection I IP P F Fi il lt te er rs s Depending on whether there is an existing Internet connection or in other words the WAN link status is up or down the IP filter architecture categorizes traffic into two Call Filter and Data Filter Call Filter When there is no existing Internet connection Call Filter i...

Страница 249: ...exhaust all your system s resource while the vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the protocol or operation system The DoS Defense function enables the Vigor router to inspect every incoming packet based on the attack signature database Any malicious packet that might duplicate itself to paralyze the host in the secure LAN will be strictly block...

Страница 250: ...o here you assign the Start Filter Set only Also you can configure the Log Flag settings Apply IP filter to VPN incoming packets and Accept incoming fragmented UDP packets Click Firewall and click General Setup to open the general setup page G Ge en ne er ra al l S Se et tu up p P Pa ag ge e Such page allows you to enable disable Call Filter and Data Filter determine general rule for filtering the...

Страница 251: ...le transmitting through Vigor router will be filtered by firewall If the firewall system e g content filter server does not make any response pass or block for these packets then the router s firewall will block the packets directly Block routing connections initiated from WAN Usually IPv6 network sessions traffic from WAN to LAN will be accepted by IPv6 firewall in default IPv6 To prevent remote ...

Страница 252: ...lity of Service Choose one of the QoS rules to be applied as firewall rule For detailed information of setting QoS please refer to the related section later APP Enforcement Select an APP Enforcement profile for global IM P2P application blocking If there is no profile for you to select please choose Create New from the drop down list in this page to create a new profile All the hosts in LAN must f...

Страница 253: ...eate a new profile For troubleshooting needs you can specify to record information for Web Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Advance Setting Click Edit to open the following window However it is strongly recommended to use the default settings here Codepage This function is used to compare...

Страница 254: ...ut Setting timeout for sessions can make the best utilization of network resources Backup Firewall Click Backup to save the firewall configuration Restore Firewall Click Select to choose a firewall configuration file Then click Restore to apply the file After finishing all the settings here please click OK to save the configuration ...

Страница 255: ... Active to enable the rule Available settings are explained as follows Item Description Rule Click a button numbered 1 7 to edit the filter rule Click the button will open Edit Filter Rule web page For the detailed information refer to the following page Enable Check the box to enable the filter rule Comments Enter filter set comments description Maximum length is 23 character long Direction Displ...

Страница 256: ...ia several setting pages Advance Mode Allow to configure detailed settings of filter rule To use Wizard Mode simple do the following steps 1 Click the Wizard Mode radio button 2 Click Index 1 The setting page will appear as follows Available settings are explained as follows Item Description Comments Enter filter set comments description Maximum length is 14 character long Direction Set the direct...

Страница 257: ...the same it indicates all the ports except the port defined here when the first and last values are different it indicates that all the ports except the range defined here are available for this service type the port number greater than this value is available the port number less than this value is available for this profile 3 Click Next to get the following page Available settings are explained ...

Страница 258: ...w profile For troubleshooting needs you can specify to record information for URL Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Web Content Filter Select one of the Web Content Filter profile settings created in CSM Web Content Filter for applying with this router Please set at least one profile for a...

Страница 259: ...terval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Schedule setup The default setting of this field is blank and the function will always work Clear sessions when schedule ON Check this box to clear the sessions when the above schedule profiles are applied Direction Set the direction of packet flow It is for Data Filter only For the Call Filter this se...

Страница 260: ...oup and Objects as the Address Type From the IP Group drop down list choose the one that you want to apply Or use the IP Object drop down list to choose the object that you want Service Type Click Edit to access into the following dialog to choose a suitable service type To set the service type manually please choose User defined as the Service Type and type them in this dialog In addition if you ...

Страница 261: ...t to contain a complete header Filter Specifies the action to be taken when packets match the rule Block Immediately Packets matching the rule will be dropped immediately Pass Immediately Packets matching the rule will be passed immediately Block If No Further Match A packet matching the rule and that does not match further rules will be dropped Pass If No Further Match A packet matching the rule ...

Страница 262: ...profile For troubleshooting needs you can specify to record information for URL Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Web Content Filter Select one of the Web Content Filter profile settings created in CSM Web Content Filter for applying with this router Please set at least one profile for ant...

Страница 263: ... sessions can make the best utilization of network resources However Queue timeout is configured for TCP protocol only session timeout is configured for the data flow which matched with the firewall rule DrayTek Banner Please uncheck this box and the following screen will not be shown for the unreachable web page The default setting is Enabled Strict Security Checking All the packets while transmi...

Страница 264: ... all the items listed below White Black List Option Set white black list of IPv4 IPv6 address Enable SYN flood defense Check the box to activate the SYN flood defense function Once detecting the Threshold of the TCP SYN packets from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Timeout The goal for...

Страница 265: ... the port scanning Threshold rate the Vigor router will send out a warning By default the Vigor router sets the threshold as 2000 packets per second That means when 2000 packets per second received they will be regarded as attack event Block IP options Check the box to activate the Block IP options function The Vigor router will ignore any IP packets with IP option field in the datagram header The...

Страница 266: ...volves the perpetrator sending overlapping packets to the target hosts so that those target hosts will hang once they re construct the packets The Vigor routers will block any packets realizing this attacking activity Block ICMP Fragment Check the box to activate the Block ICMP fragment function Any ICMP packets with more fragment bit set are dropped Block Unassigned Numbers Check the box to activ...

Страница 267: ...es User s Guide 255 After finishing all the settings here please click OK to save the configuration V V 1 1 3 3 2 2 S Sp po oo of fi in ng g D De ef fe en ns se e Click the Spoofing Defense tab to open the setup page ...

Страница 268: ... 168 1 20 accessing to Internet through Vigor router Others e g 192 168 1 31 and 192 168 1 32 outside the range can get the source from LAN only The way we can use is to set two rules under Firewall For Rule 1 of Set 2 under Firewall Filter Setup is used as the default setting we have to create a new rule starting from Filter Rule 2 of Set 2 1 Access into the web user interface of Vigor router 2 O...

Страница 269: ... Filter Rule 7 If Block If No Further Match for is selected for Filter the firewall of the router would check the packets with the rules starting from Rule 3 to Rule 7 The packets not matching with the rules will be processed according to Rule 2 4 Next set another rule Just open Firewall Filter Setup Click the Set 2 link and choose the Filter Rule 3 button 5 Check the box of Check to enable the Fi...

Страница 270: ...t Type 192 168 1 10 in the field of Start IP and type 192 168 1 20 in the field of End IP Then click OK to save the settings The computers within the range can access into the Internet 7 Now check the content of Source IP is correct or not The action for Filter shall be set with Pass Immediately Then click OK to save the settings ...

Страница 271: ...0 Series User s Guide 259 8 Both filter rules have been created Click OK Now all the settings are configured well Only the computers with the IP addresses within 192 168 1 10 192 168 1 20 can access to Internet ...

Страница 272: ...cks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other exec...

Страница 273: ...page allows you to set 32 profiles for different requirements The APP Enforcement Profile will be applied in Default Rule of Firewall General Setup for filtering Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Profile Display the number of the profile which allows you to click to set different policy Name Display the name of the APP Enforcemen...

Страница 274: ...h of the name you can set is 15 characters Select All Click it to choose all of the items in this page Clear All Uncheck all the selected boxes Enable Check the box to select the APP to be blocked by Vigor router The profiles configured here can be applied in the Firewall General Setup and Firewall Filter Setup pages as the standard for the host s to follow ...

Страница 275: ...s based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other executable files Once downloading these types of files from websites you may risk bringing threat to your system For ex...

Страница 276: ...choose this setting both configuration set in this page for URL Access Control and Web Feature will be inactive Both Block The router will block all the packages that match with the conditions specified in URL Access Control and Web Feature below When you choose this setting both configuration set in this page for URL Access Control and Web Feature will be inactive Either URL Access Control First ...

Страница 277: ...able only when Either URL Access Control First or Either Web Feature First is selected Pass Allow accessing into the corresponding webpage with the keywords listed on the box below Block Restrict accessing into the corresponding webpage with the keywords listed on the box below If the web pages do not match with the keyword set here it will be processed with reverse action Exception List Specify t...

Страница 278: ...here it will be processed with reverse action File Extension Profile Choose one of the profiles that you configured in Object Setting File Extension Objects previously for passing or blocking the file downloading Cookie Check the box to filter out the cookie transmission from inside to outside world to protect the local user s privacy Proxy Check the box to reject any proxy transmission To control...

Страница 279: ... have to click Activate to satisfy your request Be aware that service provider matching with Vigor router currently offers a period of time for trial version for users to experiment If you want to purchase a formal edition simply contact with the channel partner or your dealer Click CSM and click Web Content Filter Profile to open the profile setting page The default setting for Setup Query Server...

Страница 280: ...ted Find more Click it to open http myvigor draytek com for searching another qualified and suitable server Cache None the router will check the URL that the user wants to access via WCF precisely however the processing rate is normal Such item can provide the most accurate URL matching L1 the router will check the URL that the user wants to access via WCF If the URL has been accessed previously i...

Страница 281: ...o the different service providers If you have and activate another web content filter license the items will be changed simultaneously All of the configuration made for web content filter will be deleted automatically Therefore please backup your data before you change the web content filter license Available settings are explained as follows Item Description Profile Name Type a name for the CSM p...

Страница 282: ...elow Block restrict accessing into the corresponding webpage with the categories listed on the box below If the web pages do not match with the specified feature set here it will be processed with reverse action Log Pass Only the log about Pass will be recorded in Syslog Block Only the log about Block will be recorded in Syslog All All the actions Pass and Block will be recorded in Syslog After fi...

Страница 283: ...several useful services such as Anti Spam Web Content Filter Anti Intrusion and etc to filtering the web pages for the sake of protecting your system To access into MyVigor for getting more information please create an account for MyVigor C Cr re ea at te e a an n A Ac cc co ou un nt t v vi ia a V Vi ig go or r R Ro ou ut te er r 1 Click CSM Web Content Filter Profile The following page will appea...

Страница 284: ... s Guide 272 2 Click the Activate link A login page for MyVigor web site will pop up automatically 3 Click the link of Create an account now 4 The system will ask if you are 16 years old or over If yes click I am 16 or over ...

Страница 285: ... I am under 16 years old to get the following page Then click I and my legal guardian agree 5 After reading the terms of service privacy policy click Agree 6 In the following page enter your personal information in this page and then click Continue ...

Страница 286: ...with the title of New Account Confirmation Letter from myvigor draytek com 10 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login 11 When you see the following page please type in the account and password that you just created in the fields of UserName and Password ...

Страница 287: ...Vigor2620 Series User s Guide 275 12 Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want ...

Страница 288: ... lt te er r There are two ways to block the facebook service Web Content Filter and URL Content Filter Web Content Filter Benefits Easily and quickly implement the category website that you want to block Note License is required URL Content Filter Benefits Free flexible for customize webpage Note Manual setting e g one keyword for one website I I V Vi ia a W We eb b C Co on nt te en nt t F Fi il l...

Страница 289: ...Vigor2620 Series User s Guide 277 2 Open CSM Web Content Filter Profile to create a WCF profile Check Social Networking with Action Block 3 Enable this profile in Firewall General Setup Default Rule ...

Страница 290: ...URL Content Filter A Block the web page containing the word of Facebook 1 Open Object Settings Keyword Object Click an index number to open the setting page 2 In the field of Contents please type facebook Configure the settings as the following figure 3 Open CSM URL Content Filter Profile Click an index number to open the setting page 4 Configure the settings as the following figure ...

Страница 291: ...t configured from the drop down list in the field of URL Content Filter Now users cannot open any web page with the word facebook inside B Disallow users to play games on Facebook 1 Open Object Settings Keyword Object Click an index number to open the setting page 2 In the field of Contents please type apps facebook Configure the settings as the following figure ...

Страница 292: ...g page 4 Configure the settings as the following figure 5 When you finished the above steps please open Firewall General Setup 6 Click the Default Rule tab Choose the profile just configured from the drop down list in the field of URL Content Filter Now users cannot open any web page with the word facebook inside ...

Страница 293: ...Vigor2620 Series User s Guide 281 ...

Страница 294: ...Vigor2620 Series User s Guide 282 This page is left blank ...

Страница 295: ...p System Status TR 069 Administrator Password User Password Configuration Backup Syslog Mail Alert Time and Date SNMP Management Panel Control Self Signed Certificate Reboot System Firmware Upgrade and Activation It is used to control the bandwith of data transmission through configuration of Sessions Limit Bandwidth Limit and Quality of Servie QoS ...

Страница 296: ... are several items that you have to know the way of configuration System Status TR 069 Administrator Password User Password Configuration Backup Syslog Mail Alert Time and Date SNMP Management Panel Control Self Signed Certificate Reboot System Firmware Upgrade and Activation Below shows the menu items for System Maintenance ...

Страница 297: ...plained as follows Item Description Model Name Display the model name of the router Firmware Version Display the firmware version of the router Build Date Time Display the date and time of the current firmware build LAN MAC Address Display the MAC address of the LAN Interface IP Address Display the IP address of the LAN interface Subnet Mask Display the subnet mask address of the LAN interface DHC...

Страница 298: ...e WAN interface Default Gateway Display the assigned IP address of the default gateway IPv6 Address Display the IPv6 address for LAN Scope Display the scope of IPv6 address For example IPv6 Link Local could only be used for direct IPv6 link It can t be used for IPv6 internet Internet Access Mode Display the connection mode chosen for accessing into Internet ...

Страница 299: ...ned as follows Item Description Tr069 Click Enable to activate the settings on this page ACS Server On Choose the interface for the router connecting to ACS server ACS Server URL Username Password Such data must be typed according to the ACS Auto Configuration Server you want to link Please refer to Auto Configuration Server user s manual for detailed information Wizard Click it to enter the IP ad...

Страница 300: ...eriod If STUN is enabled the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway Please type a number as the minimum period The default setting is 60 seconds Maximum Keep Alive Period If STUN is enabled the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway Please type a number as the maximum perio...

Страница 301: ...lows Item Description Administrator Password Old Password Enter the old password The factory default setting for password is admin New Password Enter new password in this field The length of the password is limited to 23 characters Confirm Password Enter the new password again When you click OK the login window will appear Please use the new password to access into the web user interface again ...

Страница 302: ...rator password Password Enter new password in this field The length of the password is limited to 31 characters Confirm Password Enter the new password again Password Strength Display the security strength of the password specified above Set to Factory Default Click to return to the factory default setting When you click OK the login window will appear Please use the new password to access into th...

Страница 303: ...be open to ask for username and password Enter the new user password in the filed of Password and click Login 6 The main screen with User Mode will be shown on the web page Settings to be configured in User Mode will be less than settings in Admin Mode Only basic configuration settings will be available in User Mode Info Setting in User Mode can be configured as same as in Admin Mode ...

Страница 304: ...age will be popped up as shown below Available settings are explained as follows Item Description Restore Choose File Click it to specify a file to be restored Restore Restore the configuration If the file is encrypted the system will ask you to Enter the password to decrypt the configuration file Backup Click it to perform the configuration backup of this router 2 Click Backup button to get into ...

Страница 305: ...Info Backup for Certification must be done independently The Configuration Backup does not include information of Certificate R Re es st to or re e C Co on nf fi ig gu ur ra at ti io on n 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown below 2 Click Choose File button to choose the correct configuration file for uploading to the router 3 Click Resto...

Страница 306: ...e The IP address of the Syslog server Destination Port Assign a port for the Syslog protocol Enable syslog message Check the box listed on this web page to send the corresponding message of firewall VPN User Access WAN Router DSL information and WLAN to Syslog Mail Alert Setup Check Enable to activate function of mail alert Send a test e mail Make a simple test for the e mail address specified in ...

Страница 307: ... router detecting the item s you specify here Click OK to save these settings For viewing the Syslog please do the following 1 Just set your monitor PC s IP address in the field of Server IP Address 2 Install the Router Tools in the Utility within provided CD After installation click on the Router Tools Syslog from program menu 3 From the Syslog screen select the router you want to monitor Be remi...

Страница 308: ...uter s system time Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Server Enter the web site of the time server Priority Choose Auto or IPv6 First as the priority Time Zone Select the time zone where the router is located Enable Daylight Saving Check the box to enable the daylight saving Such feature is available for certain area A...

Страница 309: ...e than SNMP through the encryption method support AES and DES and authentication method support MD5 and SHA for the management needs Available settings are explained as follows Item Description Enable SNMP Agent Check it to enable this function Get Community Set the name for getting community by typing a proper character The default setting is public The maximum length of the text is limited to 23...

Страница 310: ...nity Notification Host IP IPv6 Set the IPv6 address of the host that will receive the trap community Trap Timeout The default setting is 10 seconds Enable SNMPV3 Agent Check it to enable this function USM User USM means user based security mode Type a username which will be used for authentication The maximum length of the text is limited to 23 characters Auth Algorithm Choose one of the encryptio...

Страница 311: ...ption Setup CVM Access Control and Device Management The management pages for IPv4 and IPv6 protocols are different F Fo or r I IP Pv v4 4 Available settings are explained as follows Item Description Router Name Enter the router name provided by ISP Default Disable Auto Logout If it is enabled the function of auto logout for web user interface will be disabled The web user interface will be open u...

Страница 312: ...TTP HTTPS FTP TR 069 and SSH servers Default Ports Check to use standard port numbers for the Telnet and HTTP servers Brute Force Protection Any client trying to access into Internet via Vigor router will be asked for passing through user authentication Such feature can prevent Vigor router from attacks when a hacker tries every possible combination of letters numbers and symbols until find out th...

Страница 313: ... After finished the above settings click OK to save the configuration F Fo or r I IP Pv v6 6 Available settings are explained as follows Item Description Management Access Control Allow management from the Internet Enable the checkbox to allow system administrators to login from the Internet There are several servers provided by the system to allow you managing the router from Internet Check the b...

Страница 314: ...s on and off Click the Button tab to get the following page Available settings are explained as follows Item Description Refresh Click to refresh the page to display the latest information Enable Wireless Button The default value is Enabled Deselect to disable the ability of the Wireless button to control WLAN and WPS functions Disabling the wireless button only prevents it from being used to cont...

Страница 315: ...h self signed certificate is signed with its own private key The self signed certificate will be applied in SSL VPN HTTPS and so on In addition it can be created for free by using a wide variety of tools Click Regeneration to open Regenerate Self Signed Certificate window Enter all the information that the window request such as certifcate name used for identifying different certificate subject al...

Страница 316: ...Vigor2620 Series User s Guide 304 ...

Страница 317: ...eb page and you can use the number that you have set in that web page If you want to reboot the router using the current configuration check Using current configuration and click Reboot Now To reset the router settings to default values check Using factory default configuration and click Reboot Now The router will take 5 seconds to reboot the system Info When the system pops up Reboot System web p...

Страница 318: ...wa ar re e U Up pg gr ra ad de e Click System Maintenance Firmware Upgrade to proceed to firmware upgrade Click Select to specify the one you just download After choosing the file you want click Upgrade The system will upgrade the firmware of the router automatically ...

Страница 319: ...e mechanism for your computer Click System Maintenance Activation to open the following page for accessing http myvigor draytek com Available settings are explained as follows Item Description Activate via Interface Choose WAN interface used by such device for activating Web Content Filter Activate The Activate link brings you accessing into www vigorpro com to finish the activation of the account...

Страница 320: ...Vigor2620 Series User s Guide 308 Below shows the successful activation of Web Content Filter ...

Страница 321: ...d traffic can be throttled back to a lower speed If there s no defined priority to specify which packets should be discarded or in another term dropped from an overflowing queue packets of sensitive applications mentioned above might be the ones to drop off How this will affect application performance There are two components within Primary configuration of QoS deployment Classification Identifyin...

Страница 322: ...n the backbone will do the same checking before executing treatments in order to ensure service level consistency throughout the whole QoS enabled network However each node may take different attitude toward packets with high priority marking since it may bind with the business deal of SLA among different DS domain owners It s not easy to achieve deterministic and consistent high priority QoS traf...

Страница 323: ...ns Limit to open the web page To activate the function of limit session for IPv4 and or IPv6 simply click Enable and set the default session limit Available settings are explained as follows Item Description Session Limit Enable Click this button to activate the function of limit session Disable Click this button to close the function of limit session Default Max Sessions Defines the default sessi...

Страница 324: ...Add Adds the specific session limitation onto the list above Edit Allows you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Administration Message Enter the words which will be displayed when reaches the maximum number of Internet sessions permitted Default Message Click this button to apply the default message offered by the ro...

Страница 325: ...width Limit Enable Click this button to activate the function of limit bandwidth IP Routed Subnet Check this box to apply the bandwidth limit to the second subnet specified in LAN General Setup It is available for IPv4 settings only Disable Click this button to close the function of limit bandwidth Default TX limit Per User Define the default speed of the upstream for each computer in LAN Default ...

Страница 326: ...for each index Add Add the specific speed limitation onto the list above Edit Allow you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Allow auto adjustment Check this box to make the best utilization of available bandwidth Smart Bandwidth Limit Check this box to have the bandwidth limit determined by the system automatically TX...

Страница 327: ...g traffic Inbound Outbound Bandwidth Set the connecting rate of data input output for other WAN For example if your ADSL supports 1M of downstream and 256K upstream please set 1000kbps for this box The default value is 10000kbps Class 1 3 Others Define the ratio of bandwidth to upstream speed and bandwidth to downstream speed There are four queues allowed for QoS control The first three Class 1 to...

Страница 328: ...xt for configuration You can configure general setup for the WAN interface edit the Class Rule and edit the Service Type for the Class Rule for your request O On nl li in ne e S St ta at ti is st ti ic cs s Click the Status link to display an online statistics for quality of service for your reference This feature is available only when the Quality of Service for WAN interface is enabled ...

Страница 329: ... application Outbound TCP ACK Prioritize The difference in bandwidth between download and upload are great in ADSL2 environment For the download speed might be impacted by the uploading TCP ACK you can check this box to push ACK of upload faster to speed the network traffic Info The rate of outbound inbound must be smaller than the real bandwidth to ensure correct calculation of QoS It is suggeste...

Страница 330: ...d as the name of Class Index 1 3 For adding a new rule click Add to open the following page Available settings are explained as follows Item Description Enable Check this box to invoke these settings Ethernet Type Please specify which protocol IPv4 or IPv6 will be used for this rule Local Address Click the Edit button to set the local IP address on LAN for the rule ...

Страница 331: ...ocessed according to the level type by the system Please assign one of the levels of the data for processing with QoS control Service Type It determines the service type of the data for processing with QoS control It can also be edited You can choose the predefined service type from the Service Type drop down list Those types are predefined in factory Simply choose the one that you want for using ...

Страница 332: ... settings are explained as follows Item Description Service Name Enter a new service for your request The maximum length of the name you can set is 11 characters Service Type Choose the type TCP UDP or TCP UDP or other for the new service Port Configuration Type Click Single or Range as the Type If you select Range you have to Enter the starting port number and the end porting number on the boxes ...

Страница 333: ... ca at ti io on n Packets coming from LAN IP can be retagged through QoS setting When the packets sent out through WAN interface all of them will be tagged with certain header and that will be easily to be identified by server on ISP For example in the following illustration the VoIP packets in LAN go into Vigor router without any header However when they go forward to the Server on ISP through Vi...

Страница 334: ...andwidth upon your demand of Voice Video or Data transferring Let s see how to get the optimum bandwidth per your request by using DrayTek Vigor router as below Scenario The Internet connection you got from ISP line is 2MB 512Kb There are VoIP telephony network IPTV set top box and data server at your home Assume you want to allocate 30 of the bandwidth you got to VoIP demand 50 for IPTV 15 for ma...

Страница 335: ...de 323 5 In the pop up window choose Range Address as the Address Type and Enter the start IP address and end IP address in relational fields Click OK to save the settings and exit the window 6 Click OK again to save the settings ...

Страница 336: ...k OK to return to previous page 8 Do the same steps to add class rules for IPTV and Data Email with IP addresses as shown below and 9 Assuming you get 2MB 512Kb Internet line You can check Enable of WAN1 to set up the bandwidth for different groups among VoIP IPTV and Data Email ...

Страница 337: ...20 Series User s Guide 325 10 Enter 30 50 and 15 in the boxes for VoIP IPTV and Data Email respectively 11 Click the WAN1 link and check the box of Enable UDP Bandwidth Control 12 Click OK to save the settings ...

Страница 338: ...st wireless coverage will be clearly indicated through simulated signal strength A AP P M Ma ai in nt te en na an nc ce e Vigor router can execute configuration backup configuration restoration firmware upgrade and remote reboot for the APs managed by the router It is very convenient for the administrator to process maintenance without accessing into the web user interface of the access point L Lo...

Страница 339: ...Traffic or Station Number by displaying VigorAP icon text and histogram Just move and click your mouse cursor on Status Event Log Total Traffic or Station Number Corresponding web pages will be open immediately To access into the web user interface of VigorAP simply move your mouse cursor on the VigorAP icon and click it The system will guide you to access into the web user interface of VigorAP ...

Страница 340: ...Display the SSID configured for the access point s connected to Vigor2620 Ch Display the channel used by the access point STA List Display the number of wireless clients stations connecting to the access point In which 0 64 means that up to 64 clients are allowed to connect to the access point But now no one connects to the access point The number displayed on the left side means 2 4GHz and the nu...

Страница 341: ...by such wireless profile Security Display the security mode selected by such wireless profile Multi SSID Enable means multiple SSIDs more than one are active Disable means only SSID1 is active WLAN ACL Display the name of the access control list Rate Ctrl Display the upload and or download transmission rate Clone It can copy settings from an existing WLAN profile to another WLAN profile First you ...

Страница 342: ...applied to the selected access point immediately Later the access point will reboot To Local WLAN Profile configured in this page is specified for VigorAP connected to Vigor router If required these settings also can be applied to Vigor router Select and check one of wireless profiles and click this button to apply the settings onto the WI Fi wireless settings configured for such Vigor router ...

Страница 343: ... th he e w wi ir re el le es ss s L LA AN N p pr ro of fi il le e 1 Select the WLAN profile index number 1 to 5 you want to edit 2 Click the index number link to display the following page Info The function of Auto Provision is available for the default WLAN profile ...

Страница 344: ...Vigor2620 Series User s Guide 332 3 After finished the general settings configuration click Next to open the following page for 2 4G wireless security settings ...

Страница 345: ...bove web page configuration click Next to open the following page for 5G wireless security settings 5 When you finished the above web page configuration click Finish to exit and return to the first page The modified WLAN profile will be shown on the web page ...

Страница 346: ...Reboot can be performed to more than one AP at one time by using Vigor2620 Available settings are explained as follows Item Description Action There are four actions provided by Vigor router to manage the access points Vigor router can backup the configuration of the selected AP restore the configuration for the selected AP perform the firmware upgrade of the selected AP reboot the selected AP rem...

Страница 347: ... action V VI I 3 3 5 5 T Tr ra af ff fi ic c G Gr ra ap ph h Click Traffic Graph to open the web page Choose one of the managed Access Points LAN A or LAN B daily or weekly for viewing data transmission chart Click Refresh to renew the graph at any time The horizontal axis represents time the vertical axis represents the transmission rate in kbps Info Enabling Disabling such function will also ena...

Страница 348: ...er Vigor router then Vigor router can obtain the temperature change graph of the USB temperature sensor installed onto VigorAP This page displays data including current temperature maximum temperature minimum temperature and average temperature V VI I 3 3 7 7 E Ev ve en nt t L Lo og g Time and event log for all of the APs managed by Vigor router will be shown on this page It is useful for troubles...

Страница 349: ...l T Tr ra af ff fi ic c Such page will display the total traffic of data receiving and data transmitting for VigorAPs managed by Vigor router V VI I 3 3 9 9 S St ta at ti io on n N Nu um mb be er r The total number of the wireless clients will be shown on this page ...

Страница 350: ...ed based on the station number configured in this page It is used to limit the allowed number for the station connecting to the access point The purpose is to prevent lots of stations connecting to access point at the same time and causing traffic unbalanced Please define the required station number for WLAN 2 4GHz and WLAN 5GHz separately By Traffic The operation of load balance will executed acc...

Страница 351: ... g reaching the limit of station number or limit of network traffic it will terminate the network connection of the client s station which is idle for a longest time Dissociate existing station by worst signal strength if it is less than When the access point is overload e g reaching the limit of station number or limit of network traffic it will terminate the network connection of the client s st...

Страница 352: ...Vigor2620 Series User s Guide 340 This page is left blank ...

Страница 353: ...igor2620 Series User s Guide 341 P Pa ar rt t V VI II I O Ot th he er rs s Define objects such as IP address service type keyword file extension and others These pre defined objects can be applied in CSM ...

Страница 354: ...eries User s Guide 342 V VI II I 1 1 O Ob bj je ec ct ts s S Se et tt ti in ng gs s Define objects such as IP address service type keyword file extension and others These pre defined objects can be applied in CSM ...

Страница 355: ... range usually will be applied in configuring router s settings therefore we can define them with objects and bind them with groups for using conveniently Later we can select that object group that can apply it For example all the IPs in the same department can be defined with an IP object a range of IP address You can set up to 192 sets of IP Objects with different conditions ...

Страница 356: ...s configured for the object profile Export IP Object Usually the IP objects can be created one by one through the web page of Objects IP Object However to a user who wants to save more time in bulk creating IP objects a quick method is offered by Vigor router to modify the IP objects with a single file a CSV file All of the IP objects or the template can be exported as a file by clicking Download ...

Страница 357: ...er Rule will ask you specify IP or IP range for WAN or LAN RT VPN or any IP address If you choose LAN RT VPN as the Interface here and choose LAN RT VPN as the direction setting in Edit Filter Rule then all the IP addresses specified with LAN RT VPN interface will be opened for you to choose in Edit Filter Rule page Address Type Determine the address type for the IP address Select Single Address i...

Страница 358: ...bnet Address type is selected Invert Selection If it is checked all the IP addresses except the ones listed above will be applied later while it is chosen 3 After finishing all the settings here please click OK to save the configuration Below is an example of IP objects settings ...

Страница 359: ...ows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows Available settings are explained as follows ...

Страница 360: ...bove will be shown in this box Selected IP Objects Click button to add the selected IP objects in this box 3 After finishing all the settings here please click OK to save the configuration V VI II I 1 1 3 3 I IP Pv v6 6 O Ob bj je ec ct t You can set up to 64 sets of IPv6 Objects with different conditions Available settings are explained as follows Item Description Set to Factory Default Clear all...

Страница 361: ...eral IPv6s within a range Select Subnet Address if this object contains one subnet for IPv6 address Select Any Address if this object contains any IPv6 address Select Mac Address if this object contains Mac address Mac Address Enter the MAC address of the network card which will be controlled Start IP Address Enter the start IP address for Single Address type End IP Address Enter the end IP addres...

Страница 362: ...tings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows ...

Страница 363: ...Pv6 Objects Click button to add the selected IPv6 objects in this box 3 After finishing all the settings please click OK to save the configuration V VI II I 1 1 5 5 S Se er rv vi ic ce e T Ty yp pe e O Ob bj je ec ct t You can set up to 96 sets of Service Type Objects with different conditions Available settings are explained as follows Item Description Set to Factory Default Clear all profiles In...

Страница 364: ... columns are available for TCP UDP protocol It can be ignored for other protocols The filter rule will filter out any port number when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this profile when the first and last value are the same it indicates all the ports except the port defined h...

Страница 365: ...1 6 6 S Se er rv vi ic ce e T Ty yp pe e G Gr ro ou up p This page allows you to bind several service types into one group Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile ...

Страница 366: ...ings are explained as follows Item Description Name Type a name for this profile Maximum 15 characters are allowed Available Service Type Objects All the available service objects that you have added on Objects Setting Service Type Object will be shown in this box Selected Service Type Objects Click button to add the selected IP objects in this box 3 After finishing all the settings please click O...

Страница 367: ...et 200 keyword object profiles for choosing as black white list in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the object profile ...

Страница 368: ... are explained as follows Item Description Name Type a name for this profile e g game Maximum 15 characters are allowed Contents Enter the content for such profile For example type gambling as Contents When you browse the webpage the page with gambling information will be watched out and be passed blocked based on the configuration on Firewall settings 3 After finishing all the settings please cli...

Страница 369: ...st in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will ...

Страница 370: ...elected Keyword objects in this box 3 After finishing all the settings please click OK to save the configuration V VI II I 1 1 9 9 F Fi il le e E Ex xt te en ns si io on n O Ob bj je ec ct t This page allows you to set eight profiles which will be applied in CSM URL Content Filter All the files with the extension names specified in these profiles will be processed according to the chosen action Av...

Страница 371: ...ls 2 The configuration page will be shown as follows Available settings are explained as follows Item Description Profile Name Type a name for this profile The maximum length of the name you can set is 7 characters 3 Type a name for such profile and check all the items of file extension that will be processed in the router Finally click OK to save this profile ...

Страница 372: ...ult settings Index Display the profile number that you can configure Profile Name Display the name for such SMS profile SMS Provider Display the service provider which offers SMS service To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows Available settings are explained as ...

Страница 373: ...rd Type a password that the sender can use to register to selected SMS provider The maximum length of the password you can set is 31 characters Quota Enter the number of the credit that you purchase from the service provider chosen above Note that one credit equals to one SMS text message on the standard route Sending Interval To avoid quota being exhausted soon type time interval for sending the ...

Страница 374: ... 10 are fixed You can click the number e g 9 under Index column for configuration in details Available settings are explained as follows Item Description Profile Name Display the name of this profile It cannot be modified Service Provider Enter the website of the service provider Enter the URL string in the box under the filed of Service Provider You have to contact your SMS provider to obtain the...

Страница 375: ...terval for the system to send SMS After finishing all the settings here please click OK to save the configuration V VI II I 1 1 1 11 1 N No ot ti if fi ic ca at ti io on n O Ob bj je ec ct t This page allows you to set ten profiles which will be applied in Application SMS Alert Service You can set an object with different monitoring situation To set a new profile please do the steps listed below 1...

Страница 376: ...scription Profile Name Type a name for such notification profile The maximum length of the name you can set is 15 characters Category Display the types that will be monitored Status Display the status for the category You can check the box to be monitored 3 After finishing all the settings here please click OK to save the configuration ...

Страница 377: ...ation and etc Available settings are explained as follows Item Description Add Click it to open the following page for adding a new string object Set to Factory Default Click it to clear all of the settings in this page Index Display the number link of the string profile String Display the string defined Clear Choose the string that you want to remove Then click this check box to delete the select...

Страница 378: ... 1 Log into the web user interface of Vigor router 2 Configure relational objects first Open Object Settings SMS Server Object to get the following page Index 1 to Index 8 allows you to choose the built in SMS service provider If the SMS service provider is not on the list you can configure Index 9 and Index 10 to add the new service provider to Vigor router 3 Choose any index number e g Index 1 i...

Страница 379: ...rofile setting 5 Open Object Settings Notification Object to configure the event conditions of the notification 6 Choose any index number e g Index 1 in this case to configure conditions for sending the SMS In the following page Enter the name of the profile and check the Disconnected and Reconnected boxes for WAN to work in concert with the topic of this paper ...

Страница 380: ...se SMS Provider and the Notify Profile specify the time of sending SMS Then Enter the phone number in the field of Recipient Number the one who will receive the SMS 9 Click OK to save the settings Later if one of the WAN connections fails in your router the system will send out SMS to the phone number specified If the router has only one WAN interface the system will send out SMS to the phone numb...

Страница 381: ... P Pr ro ov vi id de er r Choose one of the Index numbers 9 or 10 allowing you to customize the SMS Provider In the web page Enter the URL string of the SMS provider and Enter the username and password After clicking OK the new added SMS provider will be added and will be available for you to specify for sending SMS out ...

Страница 382: ...Vigor2620 Series User s Guide 370 This page is left blank ...

Страница 383: ...371 P Pa ar rt t V VI II II I T Tr ro ou ub bl le es sh ho oo ot ti in ng g This part will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration ...

Страница 384: ...elow to check your basic installation status stage by stage Checking if the hardware status is OK or not Checking if the network connection settings on your computer are OK or not Pinging the router from your computer Checking if the ISP settings are OK or not Backing to factory default setting if necessary If all above stages are done and the router still cannot run normally it is the time for yo...

Страница 385: ...1 1 1 1 D Di ia al l o ou ut t T Tr ri ig gg ge er ri in ng g Click Diagnostics and click Dial out Triggering to open the web page The internet connection e g PPPoE is triggered by a package sending from the source IP address Available settings are explained as follows Item Description Decoded Format It shows the source IP address local destination IP remote address the protocol and length of the ...

Страница 386: ...uide 374 V VI II II I 1 1 2 2 R Ro ou ut ti in ng g T Ta ab bl le e Click Diagnostics and click Routing Table to open the web page Available settings are explained as follows Item Description Refresh Click it to reload the page ...

Страница 387: ...ddress Resolution Protocol cache held in the router The table shows a mapping between an Ethernet hardware address MAC Address and an IP address Available settings are explained as follows Item Description Show Specify LAN and VLAN to display related information In default this page will display all of the information about LAN and VLAN Refresh Click it to reload the page ...

Страница 388: ...pping between an Ethernet hardware address MAC Address and an IPv6 address This information is helpful in diagnosing network problems such as IP address conflicts etc Click Diagnostics and click IPv6 Neighbour Table to open the web page Available settings are explained as follows Item Description Refresh Click it to reload the page ...

Страница 389: ...HCP Table to open the web page Available settings are explained as follows Item Description Index It displays the connection item number IP Address It displays the IP address assigned by this router for specified PC MAC Address It displays the MAC address for the specified PC that DHCP assigned IP address for it Leased Time It displays the leased time of the specified PC HOST ID It displays the ho...

Страница 390: ...able settings are explained as follows Item Description Private IP Port It indicates the source IP address and port of local PC Pseudo Port It indicates the temporary port of the router used for NAT Peer IP Port It indicates the destination IP address and port of remote host Interface It displays the representing number for different interface Refresh Click it to reload the page ...

Страница 391: ...nd displayed on Diagnostics DNS Cache Table Available settings are explained as follows Item Description Clear Click this link to remove the result on the window Refresh Click it to reload the page When an entry s TTL is larger than Check the box the Enter the value of TTL time to live for each entry Click OK to enable such function It means when the TTL value of each DNS query reaches the thresho...

Страница 392: ...n the web page or Available settings are explained as follows Item Description IPV4 IPV6 Choose the interface for such function Ping through Use the drop down list to choose the WAN interface that you want to ping through or choose Auto to be determined by the router automatically Ping to Use the drop down list to choose the destination that you ...

Страница 393: ...t ta a F Fl lo ow w M Mo on ni it to or r This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds The IP address listed here is configured in Bandwidth Management You have to enable IP bandwidth limit and IP session limit before invoking Data Flow Monitor If not a notification dialog box will appear to remind you enabling it Cl...

Страница 394: ... Display the number of the data flow IP Address Display the IP address of the monitored device TX rate kbps Display the transmission speed of the monitored device RX rate kbps Display the receiving speed of the monitored device Sessions Display the session number that you specified in Limit Session web page Action Block can prevent specified PC accessing into Internet within 5 minutes Unblock The ...

Страница 395: ...rrent transmission rate and receiving rate for WAN interface Peak means the highest peak value detected by the router in data transmission Speed means line speed specified in WAN General Setup If you do not specify any rate at that page here will display Auto for instead ...

Страница 396: ...Reset to zero the accumulated RX TX received and transmitted data of WAN Click Refresh to renew the graph at any time The horizontal axis represents time Yet the vertical axis has different meanings For WAN1 WAN2 LTE Bandwidth chart the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past For Sessions chart the numbers displayed on vertical a...

Страница 397: ...t Simply Enter the IP address of the host in the box and click Run The result of route trace will be shown on the screen or Available settings are explained as follows Item Description IPv4 IPv6 Click one of them to display corresponding information for it Trace through Use the drop down list to choose the interface that you want to ping through Protocol Use the drop down list to choose the protoc...

Страница 398: ... I 1 1 1 12 2 I IP Pv v6 6 T TS SP PC C S St ta at tu us s IPv6 TSPC status web page could help you to diagnose the connection status of TSPC If TSPC has configured properly the router will display the following page when the user connects to tunnel broker successfully Available settings are explained as follows Item Description Refresh Click this link to refresh this page manually V VI II II I 1 ...

Страница 399: ...nvironment to find out if there is any abnormal connection Information of IP traced and destination port used for SYN Flood UDP Flood and ICMP Flood attacks will be detected and shown respectively on different pages Moreover IP address detected and suspected to attack the network system can be blocked shortly by clicking the Block button shown on pages of SYN Flood UDP Flood and ICMP Flood Info Th...

Страница 400: ...age will be blocked forever Available settings are explained as follows Item Description White Passing IP List Black Blocking IP List Enter the IP address in this field and click Add It will be added to the IP List and appear in the right frame IP list in the right frame will be blocked by Vigor system permanatly Remove It is used to remove selected IP address from the Blocking IP List Refresh Cli...

Страница 401: ...e hardware status 1 Check the power line and WLAN LAN cable connections Refer to I 2 Hardware Installation for details 2 Turn on the router Make sure the Activity LED blink once per second and the correspondent LAN LED is bright 3 If not it means that there is something wrong with the hardware status Simply back to I 2 Hardware Installation to execute the hardware installation again And then try a...

Страница 402: ...the link is stilled failed please do the steps listed below to make sure the network connection settings is OK F Fo or r W Wi in nd do ow ws s Info The example is based on Windows 7 As to the examples for other operation systems please refer to the similar steps or find support notes in www DrayTek com 1 Open All Programs Getting Started Control Panel Click Network and Sharing Center 2 In the foll...

Страница 403: ...or2620 Series User s Guide 391 4 Select Internet Protocol Version 4 TCP IP and then click Properties 5 Select Obtain an IP address automatically and Obtain DNS server address automatically Finally click OK ...

Страница 404: ...uide 392 F Fo or r M Ma ac c O OS S 1 Double click on the current used Mac OS on the desktop 2 Open the Application folder and get into Network 3 On the Network screen select Using DHCP from the drop down list of Configure IPv4 ...

Страница 405: ...ng the router correctly F Fo or r W Wi in nd do ow ws s 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista 7 The DOS command dialog will appear 3 Type ping 192 168 1 1 and press Enter If the link is OK the line of Reply from 192 168 1 1 bytes 32 time 1ms TTL 255 will appear 4 If the line does not appear please check the IP a...

Страница 406: ...Vigor2620 Series User s Guide 394 ...

Страница 407: ... on or not If not please install an additional switch for connecting both Vigor router and the modem offered by ISP Then check if the LEDs on Vigor router are on or not If the problem of LEDs cannot be solved by the above measures please contact with the nearest reseller or send an e mail to DrayTek FAE for technical support Check if the settings offered by ISP are configured well or not When the ...

Страница 408: ...ar re e R Re es se et t You can reset the router to factory default via Web page Such function is available in Admin Mode only Go to System Maintenance and choose Reboot System on the web page The following screen will appear Choose Using factory default configuration and click Reboot Now After few seconds the router will return all the settings to the factory settings H Ha ar rd dw wa ar re e R R...

Страница 409: ...7 C Co on nt ta ac ct ti in ng g D Dr ra ay yT Te ek k If the router still cannot work correctly after trying many efforts please contact your dealer for further help right away For any questions please feel free to send e mail to support DrayTek com ...

Страница 410: ...Vigor2620 Series User s Guide 398 This page is left blank ...

Страница 411: ...Vigor2620 Series User s Guide 399 P Pa ar rt t I IX X T Te el ln ne et t C Co om mm ma an nd ds s ...

Страница 412: ...e Windows Features of Telnet Client has been turned on under Control Panel Programs Type cmd and press Enter The Telnet terminal will be open later In the following window type Telnet 192 168 1 1 as below and press Enter Note that the IP address in the example is the default address of the router If you have changed the default enter the current IP address of the router Next type admin admin for A...

Страница 413: ...Vigor2620 Series User s Guide 401 ...

Страница 414: ...adsl status more counts hlog qln snr bandinfo olr E Ex xa am mp pl le e adsl status ATU R Info hw annex A f w annex A B C Running Mode State TRAINING DS Actual Rate 0 bps US Actual Rate 0 bps DS Attainable Rate 0 bps US Attainable Rate 0 bps DS Path Mode Fast US Path Mode Fast DS Interleave Depth 0 US Interleave Depth 0 NE Current Attenuation 0 dB Cur SNR Margin 0 dB DS actual PSD 0 0 dB US actual...

Страница 415: ...ferent protocols 0 PPPoA 1 PPPoE 2 MPoA modu 0 T1 413 2 G dmt 4 Multi 5 ADSL2 7 ADSL2_AnnexM 8 ADSL2 14 ADSL2 _AnnexM acqIP It means the way to acquire IP address Type the number to determine the IP address by specifying or assigned dynamically by DHCP server 0 fix_ip 1 dhcp_client PPPoE PPPoA acquire IP method idle Type number to determine the network connection will be kept for always or idle af...

Страница 416: ...he whole bridge status save It means to save the configuration to flash enable It means to enable the Multi VLAN function disable It means to disable the Multi VLAN function on off It means to turn on off bridge mode for the specific channel clear It means to turn off and clear all the PVC settings tag tag_no It means to set tag number tag_no 0 4095 1 means no tag pri pri_no The number 0 to 7 can ...

Страница 417: ...e on DSL is under IDLE QUIET test mode DSL debug tool mode is off adsl idle tcpmessage Set DSL debug tool mode on Please reboot system to take effect adsl idle tcpmessage_off Set DSL debug tool mode off Please reboot system to take effect T Te el ln ne et t C Co om mm ma an nd d a ad ds sl l d dr ri iv ve em mo od de e This command is useful for laboratory to measure largest power of data transmis...

Страница 418: ...5 F5 End to End VC level chklink Check the DSL connection log_on log_off Enable or disable the OAM log for debug log_on enable log_off disable E Ex xa am mp pl le e adsl oamlb chklink on OAM checking dsl link is ON adsl oamlb F5 4 Tx cnt 0 Rx Cnt 0 T Te el ln ne et t C Co om mm ma an nd d a ad ds sl l v vc ci il li im mi it t This command can cancel the limit for vci value Some ISP might set the v...

Страница 419: ...de set It means to use default settings plus the new added ADSL mode default It means to use default settings show It means to display current setting adsl_mode There are three modes to be choose ANNEXL ANNEXM annexA ADSL over POTS and ANNEXJ annexB ADSL over ISDN adsl_mode ANNEXL ANNEXM ANNEXJ E Ex xa am mp pl le e adsl automode set ANNEXJ Automode supported T1 413 G DMT ADSL2 ADSL2 ANNEXJ adsl a...

Страница 420: ...eter Description FUNC Available functions contain trellis bitswap sra retx aelem status g vector default us ds bi us upstream ds downstream bi bidirection aelem and g vector can be only on off value The value set here is for bitswap sra only For bitswap value 0 2 For sra value 0 2 3 4 on off Type on for enabling such function Type off for disabling such function E Ex xa am mp pl le e adsl optn def...

Страница 421: ... ex 00fe7244 79612f21 E Ex xa am mp pl le e adsl vendorid status User define CPE Vendor ID is OFF vid0 vid1 0x00fe7244 79612f21 adsl vendorid on set vid0 vid1 User define CPE Vendor ID is ON T Te el ln ne et t C Co om mm ma an nd d a ad ds sl l a at tm m This command can set QoS parameter for ATM S Sy yn nt ta ax x adsl atm pcr pvc_no PCR max adsl atm scr pvc_no SCR adsl atm mbs pvc_no MBS adsl at...

Страница 422: ...cbinding 1 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description pvc_x It means the PVC number for the source pvc_x 2 7 pvc_y It means the PVC number that the source PVC will be bound to pvc_y 0 7 status Display a table for PVC binding group 1 It means to clear specific PVC binding E Ex xa am mp pl le e adsl pvcbinding 3 5 set done bind pvc3 to pvc5 The above example means PVC...

Страница 423: ...400 T Te el ln ne et t C Co om mm ma an nd d v vd ds sl l s st ta at tu us s This command is used to display current status of VDSL setting S Sy yn nt ta ax x vdsl status more counts hlog qln snr bandinfo olr E Ex xa am mp pl le e vdsl status ATU R Info hw annex A f w annex A B C Running Mode State TRAINING DS Actual Rate 0 bps US Actual Rate 0 bps DS Attainable Rate 0 bps US Attainable Rate 0 bps...

Страница 424: ...ystem to take effect T Te el ln ne et t C Co om mm ma an nd d v vd ds sl l d dr ri iv ve er rm mo od de e This command is useful for laboratory to measure largest power of data transmission Please follow the steps below to set vdsl drivermode 1 Please connect dsl line to the DSLAM 2 Waiting for dsl SHOWTIME 3 Drop the dsl line 4 Now it is on continuous sending mode and vdsl2 2 led is always ON 5 U...

Страница 425: ...Bi Bin SNR Gain Bi dB 1dB ts dB 1dB ts dB 1dB ts dB 1dB ts T Te el ln ne et t C Co om mm ma an nd d v vd ds sl l o op pt tn n This command allows you to configure DSL line feature S Sy yn nt ta ax x vdsl optn FUNC us ds bi value on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description FUNC Available settings contain trellis bitswap sra retx aelem status g vector default us...

Страница 426: ...status on off vdsl vendorid set vid0 vid1 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description status Display current status of user defined vendor ID on off Type on for enabling such function Type off for disabling such function set vid0 vid1 It means to set user defined vendor ID with vid0 and vid1 The vendor ID shall be set with HEX format ex 00fe7244 79612f21 E Ex xa am m...

Страница 427: ...C Co om mm ma an nd d c cs sm m a ap pp pe e p pr ro of f Commands under CSM allow you to set CSM profile to define policy profiles for different policy of IM Instant Messenger P2P Peer to Peer application csm appe prof is used to configure the APP Enforcement Profile name Such profile will be applied in Default Rule of Firewall General Setup for filtering S Sy yn nt ta ax x csm appe prof i INDEX ...

Страница 428: ...k specific application AP_IDX Specify the index number of the application here AP_IDX 1 119 E Ex xa am mp pl le e csm appe set i 1 e 1 Profile 1 AIM is enabled csm appe set i 32 e 90 Profile 32 PPTV is enabled T Te el ln ne et t C Co om mm ma an nd d c cs sm m a ap pp pe e s sh ho ow w It is used to display group IM P2P Protocol and Others information APP Enforcement Profile csm appe show a i p t ...

Страница 429: ...p t View the configuration status of protocol group m View the configuration status of Others group E Ex xa am mp pl le e csm appe config v 1 m Group Type Index Name Enable A vance Enable Advance abbreviation Message File Transfer Game Conference and Other Advance abbreviation M F G C and O OTHERS TUNNEL 75 DNSCrypt Disable OTHERS TUNNEL 76 DynaPass Disable OTHERS TUNNEL 77 FreeU Disable OTHERS TU...

Страница 430: ...set the profile name PROFILE_NAME Enter the name of the profile less than 16 characters p VALUE Set the priority defined by the number specified in VALUE for the profile Number 0 to 3 represent different conditions VALUE 0 It means Bundle Pass VALUE 1 It means Bundle Block VALUE 2 It means Either URL Access Control First VALUE 3 It means Either Web Feature First l P B A It means the log type of th...

Страница 431: ... URL Access Control will be passed i E D Prevent the web access from any IP address E Enable the function The Internet access from any IP address will be blocked D Disable the function o KEY_WORD_Object_Index Set the keyword object KEY_WORD_Object_Index Specify the index number of the object profile g KEY_WORD_Group_Index Set the keyword group KEY_WORD_Group_Index Specify the index number of the g...

Страница 432: ...guration of the CSM profile e It means to enable the restriction of web feature d It means to disable the restriction of web feature a P B Set the action of web feature P or B B Block The web access meets the web feature will be blocked P Pass The web access meets the web feature will be passed s WEB_FEATURE It means to enable the the Web Feature configuration Features available for configuration ...

Страница 433: ...ilter server msg MSG It means de set the administration message MSG means the content less than 255 characters of the message itself setdefault It means to return to default settings for all of the profile obj It means to specify the object profile INDEX It means to specify the index number of CSM profile INDEX 1 8 v It means to view the web content filter profile a P B Set the action of web conte...

Страница 434: ... Domains Peer to Peer Private IP Address School Cheating Sex Education Tasteless Child Abuse Images Uncategorised Sites u CATEGORY WEB_GROUP It means to discard items under CATEGORY or WEB_GROUP WEB_GROUP Includes Child Protection Group Leisure Group Business Group Chating Group Computer Internet Group Other Group CATEGORY Includes Advertisement Pop Ups Alcohol Tobacco Anonymizers Arts Business Tr...

Страница 435: ...eating v Sex Education v Tasteless v Child Abuse Images leisure Group Entertainment Games Sports Travel Leisure Recreation Fashion Beauty T Te el ln ne et t C Co om mm ma an nd d d dd dn ns s l lo og g Displays the DDNS log E Ex xa am mp pl le e ddns log T Te el ln ne et t C Co om mm ma an nd d d dd dn ns s e en na ab bl le e Enables or disables the DDNS function S Sy yn nt ta ax x ddns enable 0 1...

Страница 436: ...ue limit up to 24 characters C value It means to enable disable Wildcards value 0 1 0 Disable 1 Enable B value It means to enable disable Backup MX value 0 1 0 Disable 1 Enable M value It means to type Mail Extender value limit up to 60 characters R value It means to type Determine Real WAN IP value 0 1 0 WAN IP 1 Internet IP S value It means to specify Servive Provider If user want to set User De...

Страница 437: ...e limit up to 64 characters A value It means to type User Defined Service API value limit up to 256 characters a value It means to type User Defined Auth Type value 0 1 0 basic 1 URL N value It means to type User Defined Connection Type value 0 1 0 Http 1 Https O value It means to type User Defined Server Response value limit up to 32 characters E Ex xa am mp pl le e ddns set i 1 S 6 T 1 D hostnam...

Страница 438: ...ttings E Ex xa am mp pl le e ddns setdefault Set to Factory Default T Te el ln ne et t C Co om mm ma an nd d d dd dn ns s s sh ho ow w This command allows users to check the content of selected DDNS account S Sy yn nt ta ax x ddns show i value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description i value Display the content of selected DDNS account by entering the index number...

Страница 439: ... rate packet second that a flooding attack will be detected Set a value larger than 20 TIMEOUT It means the time seconds that a flooding attack will be blocked Set a value larger than 5 a ATTACK_F ATTACK_0 It means to enable the defense function for all attacks listed in ATTACK_0 ATTACK_F Specify the name of flooding attack s or portscan e g synflood udpflood icmpflood or postscan ATTACK_0 Specify...

Страница 440: ...n IPv4 address or enter all P B add6 ipv6_addr It means to add an IPv6 address to Passing List or Blocking List ipv6_addr Enter an IPv6 address P B remove6 ipv6_addr all It means to remove IPv6 address in Passing List or Blocking List ipv6_addr all Enter an IPv6 address or enter all P B show It means to show the Passing List or Blocking List E Ex xa am mp pl le e dos A The Dos Defense system is Ac...

Страница 441: ...ration and n means different conditions n 1 999 Idle time for offline default 180 seconds n 1 Always on i ip address It means that PPPoE server will assign an IP address specified here for CPE PPPoE client If you type 0 0 0 0 as the ip address ISP will assign suitable IP address for you However if you type an IP address here the router will use that one as a fixed IP w ip address It means to assig...

Страница 442: ...Set the fourth schedule for USB PPP mode n 1 15 Q mode Set PPP mode or DHCP mode WAN Connection Detection Mode mode 0 ARP Detect 1 Ping Detect I ping ip Set PPP mode or DHCP mode WAN Connection Detection Ping IP for USB DHCP or PPP mode ping ip ppp qqq rrr sss WAN Connection Detection Ping IP L n Set WAN Connection Detection TTL 1 255 value for USB PPP mode N 1 255 E sim pin code Set SIM PIN code ...

Страница 443: ...1 WAN IP Dynamic IP internet M 1 u link1 p link1 a 0 WAN1 Internet Mode set to PPPoE PPPoA WAN1 Username set to link1 WAN1 Password set successful WAN1 PPP Authentication Type set to PAP CHAP T Te el ln ne et t C Co om mm ma an nd d i ip p p pu ub bs su ub bn ne et t This command allows users to enable or disable the public subnet for your router S Sy yn nt ta ax x ip pubsubnet Enable Disable S Sy...

Страница 444: ...public subnet mask S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Display current IP address which allows users set as the public subnet mask public subnet IP address Specify a subnet mask The system will set the one that you specified as the public subnet mask E Ex xa am mp pl le e ip pubmask ip pubmask public subnet mask Now 255 255 255 0 ip pubmask 255 255 0 0 Set pu...

Страница 445: ...played on your screen E Ex xa am mp pl le e ip aux add 192 168 1 65 1 192 168 1 65 has added in index 2 DrayTek ip aux ip aux add IP Join to NAT Pool ip aux remove Index Where IP Auxiliary WAN IP Address Join to NAT Pool 0 or 1 Index The Index number of table Now auxiliary WAN1 IP Address table Index no Status IP address NAT IP pool 1 Disable 0 0 0 0 Yes 2 Enable 192 168 1 65 Yes ...

Страница 446: ...k segment the IP address of the PC must be fixed with the same LAN IP address network segment set by this command for accessing into the web user interface of the router Later modify the start addresses for the DHCP server T Te el ln ne et t C Co om mm ma an nd d i ip p n nm ma as sk k This command allows users to set add a specified netmask for your router S Sy yn nt ta ax x ip nmask IP netmask S...

Страница 447: ... subnet mask on selected interface IP address Enter an IP address MAC address Enter the MAC address of your router LAN WAN It indicates the direction for the arp function del IP address LAN WAN It means to delete one LAN IP address on selected interface IP address Enter an IP address LAN WAN It indicates the direction for the arp function accept 0 1 2 3 4 5 status 0 disable to accept illegal sourc...

Страница 448: ...ption number 0 255 v set option value by string x set option value by raw byte hex u update by index number release It means to release current WAN IP address renew It means to renew the WAN IP address and obtain another new one status It displays current status of DHCP client E Ex xa am mp pl le e ip dhcpc option e 1 w 1 2 c 18 v path1 T Te el ln ne et t C Co om mm ma an nd d i ip p p pi in ng g ...

Страница 449: ...scription IP address It means the target IP address WAN1 WAN2 WAN3 It means the WAN port that the above IP address passes through Udp Icmp It means the UDP or ICMP E Ex xa am mp pl le e ip tracert 22 128 2 62 WAN1 Traceroute to 22 128 2 62 30 hops max 1 172 16 3 7 10ms 2 172 16 1 2 10ms 3 Request Time out 4 168 95 90 66 50ms 5 211 22 38 134 50ms 6 220 128 2 62 50ms Trace complete T Te el ln ne et ...

Страница 450: ...his command allows users to set the RIP routing information protocol of IP S Sy yn nt ta ax x ip rip 0 1 2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 0 1 2 0 means disable 1 means first subnet and 2 means second subnet E Ex xa am mp pl le e ip rip 1 Set RIP LAN1 ...

Страница 451: ...function of setting RIP of WAN IP 0 Disable the function E Ex xa am mp pl le e ip wanrip Valid ex ip wanrip ifno e 0 1 ifno 1 WAN1 2 WAN2 3 PVC3 4 PVC4 5 PVC5 e 0 1 0 disable 1 enable Now status WAN 1 Rip Protocol disable WAN 2 Rip Protocol disable WAN 3 Rip Protocol disable WAN 4 Rip Protocol disable WAN 5 Rip Protocol disable WAN 6 Rip Protocol enable WAN 7 Rip Protocol enable ip wanrip 5 e 1 ip...

Страница 452: ...he connection interface 3 WAN1 4 WAN2 7 WAN5 8 WAN6 9 WAN7 rtype Enter the type default or static of the route del dst netmask rtype It means to delete specified IP address dst Enter the IP address of the destination netmask Enter the netmask of the specified IP address rtype Enter the type default or static of the route status It means current status of static route cnc It means current IP range ...

Страница 453: ...on off show help It means to turn on off display or get more information of the T_home service query value It means to set IGMP general query interval value Enter a number The default value is 125000 ms ppp 0 1 It means to enable or disable the function 0 No need to set IGMP with PPP header 1 Set IGMP with PPP header status It means to display current status for proxy server version v2 v3 auto sho...

Страница 454: ...iguration txquery on off v2 v3 It means to send out IGMP QUERY to LAN periodically On enable Off disable v2 version v2 v3 version v3 chkleave on off It means to check the leave status On enable the IGMP snoop leave checking function Off it will drop LEAVE if still clients on the same group separate on off It means to set IGMP packets being separated by NAT Bridge On The packets will be separated O...

Страница 455: ...eave you MUST enable IGMP snooping ip igmp_snoop enable ip igmp snooping enable disable status IGMP Snooping is Enabled ip igmp_fl enable ip igmp_fl enable disable status IGMP Fast Leave is Enabled T Te el ln ne et t C Co om mm ma an nd d i ip p d dm mz z Specify MAC address of certain device as the DMZ host S Sy yn nt ta ax x ip dmz mac S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Paramet...

Страница 456: ... ip session block unblock IP ip session add del IP1 IP2 num p2pnum S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on It means to turn on session limit for each IP off It means to turn off session limit for each IP default num It means to set the default number of session num limit defautlp2p num It means to set the default number of session num limit for p2p status It m...

Страница 457: ...andwidth status ip bandwidth show ip bandwidth add del IP1 IP2 tx rx shared S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on It means to turn on the IP bandwidth limit off It means to turn off the IP bandwidth limit default tx_rate rx_rate tx_rate rx_rate It means to set default tx and rx rate of bandwidth limit The range is from 0 65535 Kpbs status It means to display...

Страница 458: ...to network off It means to turn off all the bindmac policy strict_on strict_off It means that only those IP address in IP bindmac policy table can can not access into network add IP MAC Comment It means to add one ip bindmac IP It means to enter the IP address for binding with specified MAC address MAC It means to Enter the MAC address for binding with the IP address specified Comment It means to ...

Страница 459: ...f the pair of binded one E Ex xa am mp pl le e ip bindmac add 192 168 1 46 00 50 7f 22 33 55 just for test ip bindmac show ip bind mac function is turned OFF ip bind mac function is STRICT OFF Show all IP Bind MAC entries IP 192 168 1 46 bind MAC 00 50 7f 22 33 55 HOST ID null Comment just ip bindmac subnet set 2 Set LAN 1 is OK ip bindmac subnet show LAN 2 ...

Страница 460: ...LAN 0 1 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description WAN LAN It means to block IP packet from WAN LAN with inconsistent source IP address 0 1 0 Disable the function 1 Enable the funciton E Ex xa am mp pl le e ip spoofdef WAN 1 Setting saved T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 a ad dd dr r This command allows users to set the IPv6 address for your router...

Страница 461: ... LAN2 WAN1 WAN2 U SB1 USB2 VPN1 VPN32 u It means to show current address es status LAN1 LAN2 WAN1 WAN2 USB1 USB2 VPN1 VPN32 It means to specify LAN WAN USB VPN interface u It means to show unicast address only v LAN1 LAN2 WAN1 WAN2 U SB1 USB2 It means to show prefix list status t old prefix old prefix leng th new prefix new prefix length LAN1 LAN2 WAN1 WAN2 U SB1 USB2 It means to update WAN static...

Страница 462: ...te a ULA automatically LAN1 LAN2 It means to specify a LAN interface c LAN1 LAN2 It means to delete a ULA LAN1 LAN2 It means to specify a LAN interface e type LAN1 LAN2 It means to set ULA type type 0 disable 1 static 2 auto LAN1 LAN2 It means to specify a LAN interface E Ex xa am mp pl le e ip6 addr a LAN Unicast Address FE80 250 7FFF FE00 0 64 Link Multicast Address FF02 2 FF02 1 FF00 0 FF02 1 i...

Страница 463: ...yed E Ex xa am mp pl le e ip6 dhcp req_opt WAN2 S 1 ip6 dhcp req_opt WAN2 r 1 ip6 dhcp req_opt WAN2 a Interface WAN2 is set to request following DHCPv6 options sip name T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 d dh hc cp p c cl li ie en nt t This command allows you to use DHCPv6 protocol to obtain IPv6 address from server S Sy yn nt ta ax x ip6 dhcp client WAN1 WAN2 USB1 USB2 command par...

Страница 464: ...ue max 31 characters in delayed protocol parameter Enter a string S parameter It means to set shared secret max 31 characters in delayed protocol parameter Enter a string K parameter It means to set key ID 1 65535 in delayed protocol parameter Enter a number E Ex xa am mp pl le e ip6 dhcp client WAN2 p 2008 1 ip6 dhcp client WAN2 a Interface WAN2 has following DHCPv6 client settings DHCPv6 client ...

Страница 465: ...eans to set valid lifetime time Enter a value u time It means to set T1 time time Enter a value o time It means to set T2 time time Enter a value i pool_min_addr It means to set the start IPv6 address of the address pool pool_min_addr Enter an IPv6 address x pool_max_addr It means to set the end IPv6 address of the address pool pool_max_addr Enter an IPv6 address R It means to send reconfigure pac...

Страница 466: ...hcp server x ff02 3 ip6 dhcp server a Interface LAN has following DHCPv6 server settings DHCPv6 server disabled maximum address of the pool FF02 3 minimum address of the pool FF02 1 1st DNS IPv6 Addr FF02 1 T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 i in nt te er rn ne et t This command allows you to configure settings for accessing Internet S Sy yn nt ta ax x ip6 internet command paramete...

Страница 467: ...username It means to set username max 63 characters username Enter a string P password It means to set Password max 63 characters password Enter a password s server It means to set Tunnel Server IP server Enter an IPv4 Address or URL max 63 characters AICCU p prefix It means to set Subnet Prefix AICCU prefix Enter a prefix number of IPv6 address l n It means to set Subnet Prefix length AICCU n Ent...

Страница 468: ...r Enter a hostname or an IPv6 address i value It means to set ipv6 connection interval value Enter a number 1500 60000 unit 10ms b 0 1 It means to enable DNSv6 based on DHCPv6 1 on 0 off R 0 1 It means to Enable RIPng 1 on 0 off E Ex xa am mp pl le e ip6 internet W 2 M 2 u 88886666 p draytek123456 s amsterdam freenet6 net This setting will take effect after rebooting Please use sys reboot command ...

Страница 469: ...er an IPv6 address eth_addr Enter a submask address LAN1 LAN2 WAN1 WAN2 USB1 USB2 Specify an interface for the neighbor d inet6_addr LAN1 LAN2 WAN1 WAN2 U SB1 USB2 It means to delete a neighbour inet6_addr Enter an IPv6 address LAN1 LAN2 WAN1 WAN2 USB1 USB2 Specify an interface for the neighbor a inet6_addr N LAN1 LAN2 WAN1 WAN2 U SB1 USB2 It means to show neighbour status inet6_addr Enter an IPv6...

Страница 470: ...how proxy neighbour status inet6_addr Enter an IPv6 address LAN1 LAN2 WAN1 WAN2 USB1 USB2 Specify an interface for the proxy neighbor E Ex xa am mp pl le e ip6 neigh s FE80 250 7FFF FE12 300 LAN1 Neighbour FE80 250 7FFF FE12 300 successfully added T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 r ro ou ut te e This command allows you to set route for IPv6 connection S Sy yn nt ta ax x ip6 route...

Страница 471: ... LAN1 256 U FE80 16 LAN1 1024 UGS FE80 250 7FFF FE12 100 FF00 8 LAN1 256 U T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 p pi in ng g This command allows you to pin an IPv6 address or a host S Sy yn nt ta ax x ip6 ping IPv6 address Host LAN1 LAN2 WAN1 WAN2 USB1 USB2 send count data_size S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description IPV6 address Host It means to sp...

Страница 472: ... am mp pl le e ip6 tracert 2001 4860 4860 8888 traceroute to 2001 4860 4860 8888 30 hops max through protocol ICMP 1 2001 5C0 1400 B 10B8 340 ms 2 2001 4DE0 1000 A22 1 330 ms 3 2001 4DE0 A 1 330 ms 4 2001 4DE0 1000 34 1 340 ms 5 2001 7F8 1 A501 5169 1 330 ms 6 2001 4860 1 0 4B3 350 ms 7 2001 4860 8 0 2DAF 330 ms 8 2001 4860 2 0 66E 340 ms 9 Request timed out 10 2001 4860 4860 8888 350 ms Trace com...

Страница 473: ...S Disable Enable Deploy 0 1 2 when WAN is up d lifetme It means to set RA default lifetime i lifetme It means to set RA min interval time sec I lifetme It means to set RA MAX interval time sec h hoplimit It means to set RA hop limit m mtu auto It means to set RA MTU 1280 1500 mtu auto auto select MTU from WAN e time It means to set reachable time a time infinity It means to set retransmit timer in...

Страница 474: ... allowed to be configured for IPv6 management prefix It means to enter the prefix number of IPv6 address prefix length It means to enter a fixed value as the length of the prefix remove Index It means to remove delete the specified index number with IPv6 settings index It means the number 1 2 and 3 allowed to be configured for IPv6 management flush It means to clear the IPv6 access table status It...

Страница 475: ...link 1280 Config MTU 0 T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 a ai ic cc cu u This command allows you to set IPv6 settings for WAN interface with connection type of AICCU S Sy yn nt ta ax x ip6 aiccu i ifno r ip6 aiccu i ifno s S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Ifno It means the connection interface 1 WAN1 2 WAN2 r It means to remove delete the ...

Страница 476: ...n 1 LAN1 n 2 LAN2 x LANx Default is LAN1 w n It means to selete WAN interface to be primary interface n 0 None n 1 WAN1 n 2 WAN2 x WANx d server It means to set 1st DNS Server IP server Enter the IPv6 Address D server It means to set 2nd DNS Server IP server Enter the IPv6 Address m n It means to set ipv6 LAN management n 0 OFF n 1 SLAAC Default is SLAAC n 2 DHCPv6 o n It means to enable Other opt...

Страница 477: ... 4860 4860 8844 ULA Type OFF RIPng Enable T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 s se es ss si io on n This command allows you to set sessions limit for IPv6 address S Sy yn nt ta ax x ip6 session on ip6 session off ip6 session default num ip6 session status ip6 session show ip6 session add P1 IP2 num ip6 session del P1 all S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter...

Страница 478: ...dd IP1 IP2 tx rx shared ip6 bandwidth del IP1 all S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on It means to turn on bandwidth limit for each IP off It means to turn off bandwidth limit for each IP default tx_rate rx_rate It means to set the default transmission tx receiving rx rate of bandwidth limit 0 30000 Kbps Mbps tx_rate Enter a number rx_rate Enter a number st...

Страница 479: ...nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description V It means to show the version of this IP filter c It means to show the running call filter rules d It means to show the running data filter rules h It means to show the hit number of the filter rules r It means to show the running call and data filter rules t It means to display all the information at one time z It means to clear ...

Страница 480: ... am mp pl le e ipf flowtrack set r Refresh the flowstate ok ipf flowtrack view f Start to show the flowtrack sessions state ORIGIN 192 168 1 11 59939 8 8 8 8 53 ifno 0 REPLY 8 8 8 8 53 192 168 1 11 59939 ifno 3 proto 17 age 93023180 3920 flag 203 ORIGIN 192 168 1 11 15073 8 8 8 8 53 ifno 0 REPLY 8 8 8 8 53 192 168 1 11 15073 ifno 3 proto 17 age 93025100 2000 flag 203 ORIGIN 192 168 1 11 7247 8 8 8...

Страница 481: ...1 LLC 0 00 05 DSL Modulation type 4 MULTI T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t f ft tp pp po or rt t This command allows users to set FTP port for management S Sy yn nt ta ax x mngt ftpport FTP port S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description FTP port FTP port Enter the number of FTP port The default setting is 21 E Ex xa am mp pl le e mngt ftpport 2...

Страница 482: ...om mm ma an nd d m mn ng gt t t te el ln ne et tp po or rt t This command allows users to set telnet port for management S Sy yn nt ta ax x mngt telnetport telnet port S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description telnet port telnet port Enter the number for telnet port The default setting is 23 E Ex xa am mp pl le e mngt telnetport 23 Set Telnet server port to 23 done...

Страница 483: ... and source IP clearlog It means to clear the log of ping action E Ex xa am mp pl le e mngt noping off No Ping Packet Out is OFF T Te el ln ne et t C Co om mm ma an nd d m mn ng gt t d de ef fe en ns se ew wo or rm m This command can block specified port for passing through the router S Sy yn nt ta ax x mngt defenseworm on mngt defenseworm off mngt defenseworm add port mngt defenseworm del port mn...

Страница 484: ...ce_https on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description status It means to display current setting for your reference enable It means to allow the system administrators to login from the Internet disable It means to deny the system administrators to login from the Internet http https ftp telnet s sh tr069 enforce_https on off It means to specify one of the server...

Страница 485: ...ed for accessing into the router f It means to flush all of the settings d It means to restore the factory default settings v It means to view current settings h It means to get the usage of such command E Ex xa am mp pl le e mngt lanaccess e 1 mngt lanaccess s FTP TELNET mngt lanaccess i LAN3 mngt lanaccess v Current LAN Access Control Setting Enable Yes Service FTP Yes HTTP No HTTPS No TELNET Ye...

Страница 486: ...n nt ta ax x mngt accesslist list mngt accesslist add index IP addr mask mngt accesslist remove index mngt accesslist flush S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description list It can display current setting for your reference add index IP addr mask It means adding a new entry index Enter an index number of the entry IP addr Enter an IP address mask Enter the mask addres...

Страница 487: ...n host IP address Enter an IP address or IP address with subnet or manager host IP Three IP addresses can be entered and separated by t Community name It means to set trap community by typing a proper name max 23 characters Community name Enter a string n IP address It means to set the IPv4 address of the host that will receive the trap community IP address Enter an IP address or IP address with s...

Страница 488: ... dr r This command is used to configure IP address for the specified LAN interface S Sy yn nt ta ax x msubnet addr 2 IP address S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 It means LAN interface IP address Enter the private IP address for the specified LAN interface E Ex xa am mp pl le e msubnet addr 2 192 168 5 1 Set LAN2 subnet IP address done This setting will t...

Страница 489: ... mp pl le e msubnet status 2 LAN2 Off 0 0 0 0 0 0 0 0 PPP Start IP 0 0 0 60 DHCP server Off Dhcp Gateway 0 0 0 0 Start IP 0 0 0 10 Pool Count 50 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t d dh hc cp ps s This command allows you to enable or disable DHCP server for the subnet S Sy yn nt ta ax x msubnet dhcps 2 On Off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter...

Страница 490: ...use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t g ga at te ew wa ay y This command is used to configure an IP address as the gateway used for subnet S Sy yn nt ta ax x msubnet gateway 2 Gateway IP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 It means LAN interface Gateway IP Specify an IP address as the gate...

Страница 491: ...D De es sc cr ri ip pt ti io on n Parameter Description 1 2 1 2 It means LAN interface 1 LAN1 2 LAN2 On Off On It means to establish a route Off It means Not to establish a route E Ex xa am mp pl le e msubnet talk 1 2 on msubnet talk 1 2 on Enable routing between LAN1 and LAN2 This setting will take effect after rebooting Please use sys reboot command to reboot the router msubnet talk msubnet talk...

Страница 492: ...onfigure a starting IP address for PPP connection S Sy yn nt ta ax x msubnet pppip 2 Start IP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 It means LAN interface 2 LAN2 Start IP Type an IP address as the starting IP address for PPP connection E Ex xa am mp pl le e msubnet pppip 2 192 168 2 250 Set LAN2 PPP IPCP Start IP done This setting will take effect after reboo...

Страница 493: ...t t p pr ri im mW WI IN NS S This command is used to configure primary WINS server S Sy yn nt ta ax x msubnet primWINS 2 WINS IP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 It means LAN interface 2 LAN2 WINS IP Enter the IP address as the WINS IP E Ex xa am mp pl le e msubnet primWINS msubnet primWINS 2 WINS IP Now LAN2 0 0 0 0 msubnet primWINS 2 192 168 3 5 Set LA...

Страница 494: ...rver for multi subnet S Sy yn nt ta ax x msubnet tftp 2 TFTP server name S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 It means LAN interface 2 LAN2 TFTP server name Type a name to indicate the TFTP server E Ex xa am mp pl le e msubnet tftp msubnet tftp 2 TFTP server name Now LAN2 msubnet tftp 2 publish Set LAN2 TFTP Server Name done msubnet tftp msubnet tftp 2 TFTP ...

Страница 495: ...MTU 1492 Bytes LAN2 MTU 1500 Bytes IP Routed Subnet MTU 1500 Bytes T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t l le ea as se et ti im me e This command allows you to configure lease time for LAN interface S Sy yn nt ta ax x msubnet leasetime 1 2 Lease Time sec S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 1 2 Available settings include 1 LAN1 2 LAN2 ...

Страница 496: ...ile NAME Enter a name with less than 15 characters Example object ip obj 9 n bruce INDEX i INTERFACE It means to define an interface for the IP object INDEX Enter the index number of the specified group profile INTERFACE Enter 0 1 3 0 means any 1 means LAN 3 means WAN Example object ip obj 8 i 0 INDEX s INVERT It means to set invert seletion for the object profile INDEX Enter the index number of t...

Страница 497: ... De es sc cr ri ip pt ti io on n Parameter Description setdefault It means to return to default settings for all profiles INDEX v It means to view the information of the specified group profile INDEX Enter the index number of the specified group profile Example object ip grp 1 v INDEX n NAME It means to define a name for the IP group INDEX Enter the index number of the specified group profile NAME...

Страница 498: ...roup under such profile E Ex xa am mp pl le e object ip grp 2 n First IP Group Profile 2 Name First Interface Any Included ip object index 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 9 0 10 0 11 0 object ip grp 2 a 1 2 IP Group Profile 2 Name First Interface Lan Included ip object index 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 9 0 10 0 11 0 Set ok ...

Страница 499: ...15 characters Example object ipv6 obj 9 n bruce INDEX s INVERT It means to set invert seletion for the object profile INVERT Enter 0 or 1 0 means disableing the function 1 means enabling the function Example object ipv6 obj 3 s 1 INDEX e MATCH_TYPE It means to set the match type of ipv6 object profile MATCH_TYPE Enter 0 or 1 0 128 Bits 1 Suffix 64 Bits Interface ID INDEX a TYPE START_IP END_IP Pre...

Страница 500: ... yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description setdefault It means to return to default settings for all profiles INDEX v It means to view the information of the specified group profile INDEX Enter the index number of the specified group profile Example object ipv6 grp 1 v INDEX n NAME It means to define a name for the IPv6 group INDEX Enter the index number of the specifie...

Страница 501: ... nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description setdefault It means to return to default settings for all profiles INDEX v It means to view the information of the specified service object profile INDEX Enter the index number of the specified service object profile Example object service obj 1 v INDEX n NAME It means to define a name for the IP object INDEX Enter the index numbe...

Страница 502: ...s the eding port number Example object service obj 3 s 0 100 200 INDEX d CHK START_P END_P It means to set destination port check and configure port range 1 65565 for TCP UDP INDEX Enter the index number of the specified service object profile CHK Enter 0 1 2 or 3 0 means equal when the starting port and ending port values are the same it indicates one port when the starting port and ending port v...

Страница 503: ...fied service group profile INDEX Enter the index number of the specified group profile Example object service grp 1 v INDEX n NAME It means to define a name for the service group INDEX Enter the index number of the specified service group profile NAME Type a name with less than 15 characters Example object service grp 8 n bruce INDEX a SER_OBJ_INDEX It means to specify service object profiles for ...

Страница 504: ... show the contents of the specified profile PAGE Enter the page number INDEX v It means to view the information of the specified keyword profile INDEX Enter the index number of the specified keyword profile INDEX n NAME It means to define a name for the keyword profile INDEX Enter the index number of the specified keyword profile NAME Enter a name with less than 15 characters as the keyword profil...

Страница 505: ... index number from 1 to 8 of the specified file extension object profile INDEX n NAME It means to define a name for the file extension object profile INDEX Enter the index number from 1 to 8 of the specified file extension object profile NAME Type a name with less than 15 characters INDEX e CATEGORY FILE_EXTENSI ON It means to enable the specific CATEGORY or FILE_EXTENSION INDEX Enter the index nu...

Страница 506: ...e tlb viv vrm ace arj bzip2 bz2 cab gz gzip rar sit zip bas bat com exe inf pif reg scr torrent Example object fe obj 1 e bmp E Ex xa am mp pl le e object fe obj 1 n music object fe obj 1 e Audio object fe obj 1 v Profile Index 1 Profile Name music Image category bmp dib gif jpeg jpg jpg2 jp2 pct pcx pic pict png tif tiff Video category asf avi mov mpe mpeg mpg v mp4 qt rm v wmv 3gp 3gpp 3gpp2 3g2...

Страница 507: ...MS object profile INDEX Enter the index number from 1 to 10 of the specified SMS object profile NAME Enter a name with less than 15 characters as SMS object profile name INDEX s Service Provider It means to specify the number of the service provider which offers the service of SMS Different numbers represent different service provider INDEX Enter the index number from 1 to 10 of the specified SMS ...

Страница 508: ...file 9 and 10 INDEX Enter the index number from 1 to 10 of the specified SMS object profile URL Enter the URL of SMS object E Ex xa am mp pl le e object sms obj 1 n CTC object sms obj 1 n CTC object sms obj 1 s 0 object sms obj 1 u carrie object sms obj 1 p 19971125cm object sms obj 1 q 2 object sms obj 1 i 50 object sms obj 1 v Profile Index 1 Profile Name CTC SMS Provider kotsms com tw TW Userna...

Страница 509: ...ns to set the port number for SMTP server INDEX Enter the index number from 1 to 10 of the specified mail object profile SMTP Port Enter a port number INDEX a Sender Address It means to set the e mail address of the sender INDEX Enter the index number from 1 to 10 of the specified mail object profile Sender Address Enter the e mail address e g johnwash abc com tw INDEX t Authentication The mail se...

Страница 510: ...a ax x D De es sc cr ri ip pt ti io on n Parameter Description show It means to show the contents for all of the profiles setdefault It means to return to default settings for all profiles INDEX v It means to view the information of the specified notification object profile INDEX Enter the index number from 1 to 8 of the specified notification object profile INDEX n Profile Name It means to define...

Страница 511: ... Name marketing Category Status WAN v Disconnected Reconnected VPN Tunnel v Disconnected Reconnected Temperature Alert v Out of Range T Te el ln ne et t C Co om mm ma an nd d o ob bj je ec ct t s sc ch he ed du ul le e This command is used to create schedule object profile S Sy yn nt ta ax x object schedule set INDEX option list object schedule view INDEX object schedule setdefault S Sy yn nt ta a...

Страница 512: ...he index number from 1 to 15 of the specified schedule object value Enter 0 1 2 or 3 0 Force On 1 Force Down 2 Enable Dial On Demand 3 Disable Dial On Demand INDEX I value It means to set idle time INDEX Enter the index number from 1 to 15 of the specified schedule object value Must be between 0 255 minute The default is 0 INDEX h option day date cycle_days Set how often the schedule will be appli...

Страница 513: ...l AN 100F 100H 10F 10H status port wan2 AN 1000F 100F 100H 10F 10H status port status port wanfc S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 1 2 all AN 100F 100H 10F 10H status 1 2 all Enter 1 2 or all to specify the number of LAN port AN 100F 100H 10F 10H status It means the physical type for the specific port AN auto negotiate 100F 100M Full Duplex 100H 100M Half D...

Страница 514: ...c It means UDP protocol sec Type a number to set the UDP session timeout i sec It means IGMP protocol sec Type a number to set the IGMP session timeout w sec It means TCP WWW protocol sec Type a number to set the TCP WWW session timeout s sec It means TCP SYN protocol sec Type a number to set the TCP SYN session timeout f It means to flush all portmaps useful for diagnostics l List List all settin...

Страница 515: ...ans to enable bandwidth control for UDP mode Enter 0 or 1 Default is disable 0 disable 1 enable p ratio It means to enable bandwidth limit ratio for UDP ratio Enter the value t mode It means to enable disable Outbound TCP ACK Prioritize mode Enter 0 or 1 Default is disable 0 disable 1 enable V Show all the settings D Set all to factory default for all WANs It means that you can Enter several comma...

Страница 516: ...e l 172 16 3 9 255 255 0 0 0 any It means Any address Simple type l to specify any address for this command r addr Set the remote address addr Enter Addr1 addr1 addr2 addr1 subnet or any Addr1 It means Single address Please specify the IP address directly for example l 172 16 3 9 addr1 addr2 It means Range address Please specify the IP addresses for example l 172 16 3 9 172 16 3 50 addr1 subnet It...

Страница 517: ... no Enter 1 40 index number of the service type d no It means to delete user defined service type no Enter 1 40 index number of the service type n name It means the name of the service name Enter a name of the service t type type It means protocol type Enter 6 17 0 or other number 6 tcp default 17 udp 0 tcp udp 1 254 other p port It means service port port Enter the port number The typing format m...

Страница 518: ... Gateway V LAN1 192 168 1 1 255 255 255 0 V 192 168 1 10 200 192 168 1 1 X LAN2 192 168 5 1 255 255 255 0 V 192 168 2 10 100 192 168 2 1 X Route 192 168 0 1 255 255 255 0 V 0 0 0 0 0 192 168 0 1 T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w d dm mz z This command displays current status of DMZ host E Ex xa am mp pl le e show dmz WAN1 DMZ mapping status Index Status WAN1 aux IP Private IP 1...

Страница 519: ...in name server settings LAN1 Primary DNS Not set LAN1 Secondary DNS Not set LAN2 Primary DNS Not set LAN2 Secondary DNS Not set T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w o op pe en np po or rt t This command displays current status of open port setting E Ex xa am mp pl le e show openport Index Status Comment Local IP Address 1 Enable TEST 192 168 1 110 Total 1 items listed ...

Страница 520: ...0 0 0 0 0 0 MORE q Quit Enter New Lines Space Bar Next Page T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w p po or rt tm ma ap p This command displays the table of NAT Active Sessions E Ex xa am mp pl le e show portmap Private_IP Port Pseudo_IP Port Peer_IP Port Index Protocol Flag Total Portmap Session 0 T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w p pm mt ti im me e This command ...

Страница 521: ...ss 192 168 1 1 Tx Rate 21417 Rx Rate 15413 WAN 1 Status Disconnected Enable Yes Line Fiber Name Mode PPPoE Up Time 0 00 00 IP GW IP TX Packets 0 TX Rate bps 0 RX Packets 0 RX Rate bps 0 WAN 2 Status Disconnected Enable Yes Line Ethernet Name Mode DHCP Client Up Time 0 00 00 IP GW IP TX Packets 0 TX Rate bps 0 RX Packets 0 RX Rate bps 0 T Te el ln ne et t C Co om mm ma an nd d s sh ho ow w a ad ds ...

Страница 522: ...ion 1 544e0000 VDSL Firmware Version 05 07 06 0D 01 07 with Vectoring support Power Management Mode DSL_G997_PMS_NA Test Mode DISABLE ATU C Info Far Current Attenuation 0 dB Far SNR Margin 0 dB CO ITU Version 0 00000000 CO ITU Version 1 00000000 DSLAM CHIPSET VENDOR ...

Страница 523: ... 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0...

Страница 524: ...menas to view current status E Ex xa am mp pl le e srv dhcp dhcp2 l 1 e 1 srv dhcp dhcp2 v 2nd DHCP server flag status Server works on specified MAC address ON Server works on specified LAN port ON Port 1 flag ON Port 2 flag ON T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p p pu ub bl li ic c This command allows users to configure DHCP server for second subnet S Sy yn nt ta ax x s...

Страница 525: ...ic status Index MAC Address T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p d dn ns s1 1 This command allows users to set Primary IP Address for DNS Server in LAN S Sy yn nt ta ax x srv dhcp dns1 LAN1 LAN2 DNS IP address S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description LAN1 LAN2 It means to specify the LAN interface LAN1 LAN2 Enter LAN1 or LAN2 DNS IP addr...

Страница 526: ...S Note The IP Routed Subnet DNS must be the same as NAT Subnet DNS E Ex xa am mp pl le e srv dhcp dns2 lan1 168 95 1 1 srv dhcp dns2 lan1 DNS IP address Now 168 95 1 1 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p f fr rc cd dn ns sm ma an nl l This command can force the router to invoke DNS Server IP address S Sy yn nt ta ax x srv dhcp frcdnsmanl on off S Sy yn nt ta ax x D De e...

Страница 527: ...er S Sy yn nt ta ax x srv dhcp ipcnt IP counts S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description IP counts It means the number that you have to specify for the DHCP server IP counts Enter a value 0 256 E Ex xa am mp pl le e srv dhcp ipcnt srv dhcp ipcnt IP counts Now 150 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p o of ff f This function allows users to...

Страница 528: ... ax x srv dhcp startip IP address S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description IP address It means the IP address that you can specify for the DHCP server as the starting point IP address Enter an IP address E Ex xa am mp pl le e srv dhcp startip 192 168 1 53 This setting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne...

Страница 529: ...e Time sec Enter a value E Ex xa am mp pl le e srv dhcp leasetime srv dhcp leasetime Lease Time sec Now 92000 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p n no od de et ty yp pe e This command can set the node type for the DHCP server S Sy yn nt ta ax x srv dhcp nodetype count S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description count It means to specify a ...

Страница 530: ...dhcp primWINS 192 168 1 88 srv dhcp primWINS srv dhcp primWINS WINS IP address srv dhcp primWINS clear Now 192 168 1 88 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p s se ec cW WI IN NS S This command can set the secondary IP address for the DHCP server S Sy yn nt ta ax x srv dhcp secWINS WINS IP address srv dhcp secWINS clear S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n ...

Страница 531: ...ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p t tf ft tp p This command can set the TFTP server as the DHCP server S Sy yn nt ta ax x srv dhcp tftp TFTP server name S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description TFTP server name It means to Enter the name of TFTP server TFTP server name Enter a name E Ex xa am mp pl le e srv dhcp tftp TF123 srv dhcp tftp srv dhcp...

Страница 532: ...or Static IP mode If you use other mode you can set in this field If WAN IP alias has been configured then the number of DMZ host can be added more e 1 0 It means to enable disable such feature 1 0 Enter 1 or 0 1 enable 0 disable i IP address It means to specify the private IP address of the DMZ host IP address Enter an IP address r It means to remove DMZ host setting v It means to display current...

Страница 533: ...atus Status IPsec ESP pass thru and IKE src_port 500 preservation is OFF T Te el ln ne et t C Co om mm ma an nd d s sr rv v n na at t o op pe en np po or rt t This command allows users to set open port settings for NAT server S Sy yn nt ta ax x srv nat openport n m command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description n It means the index number for the profi...

Страница 534: ...ing f It means to return to factory settings for all the open ports profiles E Ex xa am mp pl le e srv nat openport 1 1 a 1 c games i 192 168 1 56 w 1 1 p TCP s 23 e 83 Set WAN Port ok srv nat openport 1 1 v Status Enable Comment games WAN Interface WAN1 Private IP address 192 168 1 56 Index Protocal Start Port End Port 1 TCP 23 83 srv nat openport 1 1 r srv nat openport 1 1 f T Te el ln ne et t C...

Страница 535: ...irection setting idx Enter an index number 1 to 20 enable idx proto It means to activate the selected port redirection setting idx Enter an index number 1 to 20 proto Specify TCP or UDP or All as the protocol flush It means to clear all the port mapping settings table It means to display Port Redirection Configuration Table E Ex xa am mp pl le e srv nat portmap add 1 name tcp 100 0 192 168 1 10 20...

Страница 536: ...e srv nat showall Index Proto WAN IP Port Private IP Port Act R01 TCP 0 0 0 0 100 192 168 1 10 200 Y D01 All 0 0 0 0 192 168 1 96 Y T Te el ln ne et t C Co om mm ma an nd d s sy ys s a ad dm mi in n This command is used for RD engineer to access into test mode of Vigor router T Te el ln ne et t C Co om mm ma an nd d s sy ys s b bo oa ar rd d This command is used to disable enable the function of d...

Страница 537: ...ription default It means to reset current settings with default values status It means to display current profile version and status E Ex xa am mp pl le e sys cfg status Profile version 3 0 0 Status 1 0x4845af2c sys cfg default T Te el ln ne et t C Co om mm ma an nd d s sy ys s c cm md dl lo og g This command displays the history of the commands that you have typed E Ex xa am mp pl le e sys cmdlog...

Страница 538: ...signing a name for it Domain Name Suffix Enter a name It means the name for the domain of the system The maximum number of characters that you can set is 39 wan1 wan2 clear wan1 wan2 Specify WAN interface for assigning a name for it clear Remove the domain name of the system E Ex xa am mp pl le e sys domainname wan1 clever sys domainname wan2 intellegent sys domainname sys domainname wan1 wan2 Dom...

Страница 539: ...et and remove the name for the router when DHCP mode is selected for WAN S Sy yn nt ta ax x sys name wan1 wan2 ASCII string sys name wan1 wan2 clear S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description wan1 wan2 ASCII string It means to specify WAN interface for assigning a name for it wan1 wan2 Specify WAN interface for assigning a name for it ASCII string Enter a string The...

Страница 540: ... Ex xa am mp pl le e sys reboot T Te el ln ne et t C Co om mm ma an nd d s sy ys s a au ut to or re eb bo oo ot t This command allows users to restart the router automatically within a certain time S Sy yn nt ta ax x sys autoreboot on off hour s S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on off On It means to enable the function of auto reboot Off It means to disabl...

Страница 541: ...rsion 05 07 06 0D 01 07 ADSL Firmware Version 05 07 02 08 00 01 Annex A VDSL2 Firmware Version 05 07 06 0D 01 07 T Te el ln ne et t C Co om mm ma an nd d s sy ys s q qr ry yb bu uf f This command can display the system memory status and leakage list E Ex xa am mp pl le e sys qrybuf System Memory Status and Leakage List Buf sk_buff 200B used 1968 cached 21 Buf KMC5112 5112B used 257 cached 49 Buf K...

Страница 542: ...fer off Turn off pulling buffer E Ex xa am mp pl le e sys pollbuf on Buffer polling is on sys pollbuf off Buffer polling is off T Te el ln ne et t C Co om mm ma an nd d s sy ys s b br ri it ta as sk k This command can improve triple play quality S Sy yn nt ta ax x sys britask on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on off on Turn on the bridge task for imp...

Страница 543: ...agement Server Int Man InternetGatewayDevice ManagementServer nextlevel Get the information of the next level for specified parameter e g sys tr069 get Int Man nextlevel set parm value It means to configure TR 069 parameters settings Available parameters can be seen by using get Int parm Enter the abbriviation of the parameter value Enter the number address string or name for the selected paramete...

Страница 544: ...iceNumberOfEntries InternetGatewayDevice DeviceInfo InternetGatewayDevice ManagementServer InternetGatewayDevice Time InternetGatewayDevice Layer3Forwarding InternetGatewayDevice LANDevice InternetGatewayDevice WANDevice InternetGatewayDevice Services InternetGatewayDevice X_00507F_InternetAcc InternetGatewayDevice X_00507F_LAN InternetGatewayDevice X_00507F_NAT InternetGatewayDevice X_00507F_Fire...

Страница 545: ... al lg g This command can turn on off ALG Application Layer Gateway for SIP S Sy yn nt ta ax x sys sip_alg e 1 0 sys sip_alg p port number sys sip_alg u 1 0 sys sip_alg t 1 0 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description e 1 0 1 0 Enter 1 or 0 Enable 1 or disable 0 the SIP ALG function p port number Set the listening port for SIP ALG port number Enter a port number 1 6...

Страница 546: ... 0 the listening along UDP path t 1 0 1 0 Enter 1 or 0 Enable 1 or disable 0 the listening along TCP path v Display RTP and RTCP portmap information of RTSP ALG E Ex xa am mp pl le e sys rtsp_alg e 1 Auto enable ALG Master Switch Enable RTSP ALG sys rtsp_alg p 85 Current listening RTSP Port 85 sys rtsp_alg Usage sys rtsp_alg command parameter e enable RTSP ALG 0 disable 1 enable p set your listeni...

Страница 547: ... draytek com licera It means to erase license setting licifno AUTO WAN 1 It means license and signature download interface setting AUTO WAN 1 Enter AUTO or WAN1 WAN2 etc lic_trigger e d s It means to trigger the license automatically to update on boot time e Enable the license trigger to update d Disable the license trigger to update s Display license status E Ex xa am mp pl le e sys license licif...

Страница 548: ...e starting day for time range type year Enter the year month Enter 1 12 day Enter 1 31 hour Enter 0 23 e g sys daylightsave s 2014 3 10 12 d year month day hour Set the detailed settings of the ending day for time range type year Enter the year month Enter 1 12 day Enter 1 31 hour Enter 0 23 e g sys daylightsave d 2014 9 10 12 y month th weekday day in week hour Set the detailed settings of the st...

Страница 549: ...cheTbl t 65 Set TTL limit 65 seconds When TTL larger than 65s delete the DNS entry in the router s DNS cache tabl e T Te el ln ne et t C Co om mm ma an nd d s sy ys s s sy ys sl lo og g This command is used to enable disable syslog S Sy yn nt ta ax x sys syslog a enable command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description command parameter The available comm...

Страница 550: ...log a 1 s 1 i 192 168 1 25 d 514 sys syslog p Updating server IP address T Te el ln ne et t C Co om mm ma an nd d s sy ys s m ma ai il la al le er rt t This command is used to configure settings for mail alert function S Sy yn nt ta ax x sys mailalert command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description command parameter The available commands with parameter...

Страница 551: ...ytek com Set Alert Mail Reciver E maiil Address as john draytek com sys mailalert v Current setting for Mail Alert Mail Alert Enable SMTP Server IP Address 172 16 3 168 SMTP Server Port 886 Alert Mail Reciver E maiil Address john draytek com Mail Return E mail Address Use SSL Disable SMTP Authentication Disable Username for SMTP Authentication Password for SMTP Authentication Mail Alert for DoS At...

Страница 552: ...16 GMT 04 00 Caracas La Paz 17 GMT 04 00 Santiago 18 GMT 03 30 Newfoundland 19 GMT 03 00 Brasilia 20 GMT 03 00 Buenos Aires Georgetown 21 GMT 02 00 Mid Atlantic 22 GMT 01 00 Azores Cape Verde Is 23 GMT Greenwich Mean Time Dublin 24 GMT Edinburgh Lisbon London 25 GMT Casablanca Monrovia 26 GMT 01 00 Belgrade Bratislava 27 GMT 01 00 Budapest Ljubljana Prague 28 GMT 01 00 Sarajevo Skopje Sofija 29 GM...

Страница 553: ...i Kamchatka Marshall Is 73 GMT 12 00 Auckland Wellington E Ex xa am mp pl le e sys time zone 8 Set Time Zone OK sys time show System Time Current System Time 2000 Jan 03 Mon 06 11 12 Time Server pool ntp org Time Zone Index 8 GMT 07 00 Send NTP Request Through Auto T Te el ln ne et t C Co om mm ma an nd d s sy ys s d da as sh hb bo oa ar rd d This command is used to display or hidden the informati...

Страница 554: ... settings for sending test mail E Ex xa am mp pl le e testmail Send out test mail Mail Alert Disable SMTP_Server 0 0 0 0 Mail to Return Path T Te el ln ne et t C Co om mm ma an nd d u up pn np p o of ff f This command can close UPnP function E Ex xa am mp pl le e upnp off UPNP say bye bye T Te el ln ne et t C Co om mm ma an nd d u up pn np p o on n This command can enable UPnP function E Ex xa am ...

Страница 555: ...his command can display the information of the UPnP service UPnP service must be enabled first E Ex xa am mp pl le e upnp on UPNP start upnp service SERVICE TABLE1 serviceType urn schemas microsoft com service OSInfo 1 serviceId urn microsoft com serviceId OSInfo1 SCPDURL upnp OSInfo xml controlURL OSInfo1 eventURL OSInfoEvent1 UDN uuid 774e9bbe 7386 4128 b627 001daa843464 SERVICE TABLE2 serviceTy...

Страница 556: ...ter E Ex xa am mp pl le e Vigor upnp tmpvs Temp virtual server status 0 real_addr 192 168 1 10 pseudo_addr 172 16 3 229 real_port 0 pseudo_port 0 hit_portmap_index 0 The protocol TCP time 0 1 real_addr 0 0 0 0 pseudo_addr 0 0 0 0 real_port 0 pseudo_port 0 hit_portmap_index 0 The protocol 0 time 0 MORE q Quit Enter New Lines Space Bar Next Page T Te el ln ne et t C Co om mm ma an nd d u up pn np p ...

Страница 557: ...Enter 0 or 1 to enable disable the Vigor Bridge for WAN or and LAN f 0 1 Enter 0 or 1 to enable disable the firewall functions 0 disable 1 enable E Ex xa am mp pl le e vigbrg set v 4 w 1 l 1 e 1 WAN1 IPv4 bridge is enable Set subnet LAN1 T Te el ln ne et t C Co om mm ma an nd d v vi ig gb br rg g c cl lo os se ea al ll l This command can close Vigor Bridge Function E Ex xa am mp pl le e vigbrg clo...

Страница 558: ...rt command after you change any settings S Sy yn nt ta ax x vlan group id set set_ex p1 p2 p3 p4 s1 s2 s3 s4 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description id set set_ex p1 p2 p3 p4 s1 s2 s3 s4 Id Enter 0 7 It means the group 0 to 7 for VLAN set set_ex Enter set or set_ex to let the selected port number joining a VLAN group In which set indicates each port can join more...

Страница 559: ...ax x vlan pri n pri_no S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description n pri_no n Enter 0 7 It means VLAN ID number pri_no Enter 0 7 from none to highest priority It means the priority of VLAN profile E Ex xa am mp pl le e vlan pri 1 2 VLAN1 Priority 2 T Te el ln ne et t C Co om mm ma an nd d v vl la an n r re es st ta ar rt t This command can make VLAN settings restarte...

Страница 560: ... ln ne et t C Co om mm ma an nd d v vl la an n s su ub bn ne et t This command is used to configure the LAN interface used by the VLAN group S Sy yn nt ta ax x vlan subnet group_id 1 2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 1 2 1 2 Enter 1 or 2 1 LAN1 2 LAN2 E Ex xa am mp pl le e vlan subnet group_id 2 Vlan Group 0 using LAN2 This setting will take effect after ...

Страница 561: ...de vlan submode on vlan subnet mode modified to promiscuous mode vlan submode status vlan subnet mode promiscuous mode T Te el ln ne et t C Co om mm ma an nd d v vl la an n t ta ag gg ge ed d This command is used to enable or disable the incoming of untagged packets S Sy yn nt ta ax x vlan tagged n on off vlan tagged unlimited on off vlan tagged p1_untag on off S Sy yn nt ta ax x D De es sc cr ri ...

Страница 562: ... 4095 T Te el ln ne et t C Co om mm ma an nd d v vl la an n s sy ys sv vi id d This command is used to modify and show the scope reserved 78 of the VLAN IDs used internally by the system S Sy yn nt ta ax x vlan sysvid show n S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show It means to show the scope of VLAN ID used internally n n Enter 0 4016 It means the value to be...

Страница 563: ...ode list index Enter the index number of L2L LAN to LAN profile auto proposal index Enter auto or proposal index number to choose the default proposal or specified proposal list index aggressive desg1 desg2 aesg1 aesg 2 It means the chosen DH group for aggressive mode list index Enter the index number of L2L LAN to LAN profile desg1 desg2 aesg1 aesg2 Enter desg1 desg2 aesg1 or aesg2 list index pfs...

Страница 564: ...ex assignkey Pre_Shared_Key vpn dinset list index digsig on off vpn dinset list index ipsec Method on off vpn dinset list index localid Local_ID S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description list index list index Enter the index number of L2L LAN to LAN profile list index on off It means to enable or disable the profile list index Enter the index number of L2L LAN to L...

Страница 565: ... to LAN profile 0 2 Enter 0 1 or 2 0 LAN1 1 LAN2 2 LAN3 list index assignip on off It means to enable the assignment for static IP address list index Enter the index number of L2L LAN to LAN profile on off Enter on or off On Enable Off Disable list index srnode on off It means to enable the function of Specify Remote Node list index Enter the index number of L2L LAN to LAN profile on off Enter on ...

Страница 566: ...n Enable Off Disable list index assignkey Pre_Shared_Key Assign the pre shared key list index Enter the index number of L2L LAN to LAN profile Pre_Shared_Key Enter a string list index digsig on off Enable disable the function of Digital Signature X 509 for IKE authentication method list index ipsec Method on off Set the IPsec security medthod for the specified VPN profile list index Enter the inde...

Страница 567: ...ers to specify a subnet selection for the specified remote dial in VPN profile S Sy yn nt ta ax x vpn subnet index 1 2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description index 1 2 It means the index number of the VPN profile index Enter the index number of L2L LAN to LAN profile 1 2 Enter 1 or 2 1 LAN1 2 LAN2 E Ex xa am mp pl le e vpn subnet 1 2 T Te el ln ne et t C Co om m...

Страница 568: ...e ipsec_out ip key nip nmask index Enter the index number of L2L LAN to LAN profile name Enter the name of the profile ip Enter the IP address to dial to key Enter the value of IPsec Pre Shared Key nip Enter the remote network IP address nmask Enter the mask for the remote network IP e g vpn setup 1 name1 ipsec_out 1 2 3 4 1234 192 168 1 0 255 255 255 0 For L2TP Dial Out index name l2tp_out ip usr...

Страница 569: ... 1 0 Remote NEtwork Mask 255 255 255 0 T Te el ln ne et t C Co om mm ma an nd d v vp pn n o op pt ti io on n This command allows users to configure settings for LAN to LAN profile S Sy yn nt ta ax x vpn option index cmd1 param1 cmd2 para2 Commands of Common Settings vpn optoin index pname ena nnpkt dir idle palive Commands of Dial Out Settings vpn optoin index ctype dialto ltype oname opwd pauth o...

Страница 570: ...de ikeid index Enter the index number of L2L LAN to LAN profile ctype Enter ctype t ctype s ctype l ctype l1 or ctype l2 to set Type of Server I am calling t PPTP s IPSec l L2TP IPSec Policy None l1 L2TP IPSec Policy Nice to Have l2 L2TP IPSec Policy Must dialto Enter dialto IP address or dialto Host Name for VPN such as dialto draytek com or dialto 123 45 67 89 ltype Enter ltype 0 ltype 1 ltype 2...

Страница 571: ...203 12 23 48 peerid Enter peerid ID name as the peer ID for remote VPN gateway For example peerid draytek means the word draytek is used as the local ID iname Enter iname name as the dial in username For example iname admin means the word admin is used as the username ipwd Enter ipwd password as the dial in password For example ipwd 1234 means the word 1234 is used as the password ivj Enter ivj on...

Страница 572: ... remote network you have to do mode n means to set NAT mode for the option of From first subnet to remote network you have to do droute Enter droute off or droute on for the option of Change default route to this VPN tunnel Only single WAN supports this droute on means to enable the fuction droute off means to disable the function E Ex xa am mp pl le e vpn option 1 idle 250 Change Log Idle Timeout...

Страница 573: ...192 168 5 0 24 to profile 1 T Te el ln ne et t C Co om mm ma an nd d v vp pn n l li is st t This command allows users to view LAN to LAN VPN profiles S Sy yn nt ta ax x vpn list index all vpn list index com vpn list index out vpn list index in vpn list index net S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description index all It means to list configuration of the specified prof...

Страница 574: ...ck off Provide ISDN Number off IKE phase 1 mode Main mode IKE Local ID Dial In Settings T Te el ln ne et t C Co om mm ma an nd d v vp pn n r re em mo ot te e This command allows users to enable or disable PPTP IPSec L2TP VPN service S Sy yn nt ta ax x vpn remote PPTP IPsec L2TP SSLVPN on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description PPTP IPsec L2TP SSLVP N on off P...

Страница 575: ...mote Access User Accounts or LAN to LAN Profile S Sy yn nt ta ax x vpn NetBios set H2l L2l index Block Pass S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description H2l L2l index Block Pass H2l L2l Enter H2l or L2L Specify which one will be applied by NetBios H2l means Remote Access User Accounts L2l means LAN to LAN Profile index Enter an index number of the profile Block Pass E...

Страница 576: ...se it to specify the connection type and value of MSS connection type TCP maximum segment size range connection type Enter 1 2 3 4 or 5 1 PPTP 2 L2TP 3 IPSec 4 L2TP over IPSec 5 SSL Tunnel TCP maximum segment size range Enter a value Each type has different segment size range PPTP 1 1412 L2TP 1 1408 IPSec 1 1381 L2TP over IPSec 1 1361 SSL Tunnel 1 1360 E Ex xa am mp pl le e vpn mss set 1 1400 VPN ...

Страница 577: ...ast set H2L L2L index Block Pass S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description H2L L2L index Block Pass H2L L2L Enter H2L or L2L Specify which one will be applied for multi cast packets H2L means Host to LAN Remote Access User Accounts L2L means LAN to LAN Profile index Enter an index number of the profile Block Pass Enter Pass or Block the Multicast Packets E Ex xa am...

Страница 578: ... v vp pn n p pa as ss s2 2n na at t This command allows users to determine if the packets passing through by NAT or not when the VPN tunnel disconnects S Sy yn nt ta ax x vpn pass2nat on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on off on off Enter on or off on the packets can pass through NAT off the packets cannot pass through NAT E Ex xa am mp pl le e vpn pa...

Страница 579: ...rtual subnet value Enter 1 2 1 LAN1 2 LAN2 I IP address Set the IP address as the virtual subnet o add del Specify the operation to be performed add del Enter add or del v View the current settings However only the enabled profile will be viewed E Ex xa am mp pl le e vpn sameS i 1 e 1 E 1 e 1 I 10 10 10 0 o add vpn sameS v IPsec with the same subnet VPN profile 1 enable translated LAN1 to Virtual ...

Страница 580: ...he available range is from 1000 to 1500 For Static IP DHCP the maximum number will be 1500 For PPPoE the maximum number will be 1492 For PPTP L2TP the maximum number will be 1460 E Ex xa am mp pl le e wan mtu 1100 wan mtu Static IP DHCP Max MSS 1500 PPPoE Max MSS 1492 PPTP L2TP Max MSS 1460 wan ppp_mss MSS size 1000 1500 Now 1100 T Te el ln ne et t C Co om mm ma an nd d w wa an n d dn ns s This co...

Страница 581: ... am mp pl le e wan DF_check on DF bit check enable wan DF_check off DF bit check disable reset DF bit T Te el ln ne et t C Co om mm ma an nd d w wa an n d di is sa ab bl le e This command allows you to disable WAN connection E Ex xa am mp pl le e wan disable WAN WAN disabled T Te el ln ne et t C Co om mm ma an nd d w wa an n e en na ab bl le e This command allows you to disable wan connection E Ex...

Страница 582: ...ndary DNS 0 0 0 0 WAN2 Offline stall N Mode Up Time 00 00 00 IP GW IP TX Packets 0 TX Rate bps 0 RX Packets 0 RX Rate bps 0 Primary DNS 0 0 0 0 Secondary DNS 0 0 0 0 PVC_WAN3 Offline stall N Mode Up Time 00 00 00 IP GW IP TX Packets 0 TX Rate bps 0 RX Packets 0 RX Rate bps 0 Primary DNS 0 0 0 0 Secondary DNS 0 0 0 0 PVC_WAN4 Offline stall N Mode Up Time 00 00 00 IP GW IP TX Packets 0 TX Rate bps 0...

Страница 583: ...ff enable the ARP detection Always_on disable the link detection The connnection is always on wan1 off t time wan1 Enter wan1 to specify WAN1 off Enter off time Enter a time value The default value is 30 and the range shall be 1 to 255 wan1 off i Interval wan1 Enter wan1 to specify WAN1 off Enter off interval Enter a value It is the interval for the system to execute the PING operation The default...

Страница 584: ...n This command allows you to configure multi VLAN for WAN and LAN It supports pure bridge mode modem mode between Ethernet WAN and LAN port 2 4 S Sy yn nt ta ax x wan mvlan pvc_no status save enable disable on off clear tag tag_no service type vlan priority px wan mvlan keeptag pvc_no on off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description pvc_no status save ena ble disab...

Страница 585: ... n m mu ul lt ti if fn no o This command allows you to specify a channel in Multi PVC VLAN to make bridge connection to a specified WAN interface S Sy yn nt ta ax x wan multifno channel WAN interface wan multifno status S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description channel WAN interface channel Enter channel 5 channel 6 channel 7 or channel 8 WAN interface Enter 1 or 2...

Страница 586: ... et t C Co om mm ma an nd d w wa an n d de et te ec ct t_ _m mt tu u This command allows you to run a WAN MTU Discovery The user can specify an IPv4 target to ping and find the suitable MTU size of the WAN interface S Sy yn nt ta ax x wan detect_mtu i Host IP address s mtu_size d decrease size w 1 c 1 10 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description i Host IP address s...

Страница 587: ...nfigure wireless access control settings S Sy yn nt ta ax x wl acl enable ssid1 ssid2 ssid3 ssid4 wl acl disable ssid1 ssid2 ssid3 ssid4 wl acl add MAC ssid1 ssid2 ssid3 ssid4 comment isolate wl acl del MAC wl acl mode ssid1 ssid2 ssid3 ssid4 white black wl acl show wl acl showmode wl acl clear S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description enable ssid1 ssid2 ssid3 ssid...

Страница 588: ...acl clean It means to clean all access control setting E Ex xa am mp pl le e wl acl add 00 1D AA 93 9F 3C ssid1 test isolate Set Done wl acl show Mac Address Filter Status SSID1 Disable SSID2 Disable SSID3 Disable SSID4 Disable MAC Address List Index Attribute MAC Address Associated SSIDs Comment 1 s 00 1d aa 93 9f 3c SSID1 test s Isolate the station from LAN wl acl showmode SSID1 None SSID2 None ...

Страница 589: ... length of the sync field in an 802 11 packet Most modern wireless network uses short preamble with 56 bit sync field instead of long preamble with 128 bit sync field However some original 11b wireless network devices only support long preamble enable Enter 0 or 1 0 disable to use long preamble 1 enable to use long preamble txburst enable It means to enhance the performance in data transmission ab...

Страница 590: ...control for the specified SSID 0 disable and 1 enable upload Enter a value It means to configure the rate control for data upload The unit is kbps download Enter a value It means to configure the rate control for data download The unit is kbps Isolate ssid_num lan member It means to isolate the wireless connection for LAN and or Member ssid_num Enter 1 2 3 or 4 to specify SSID1 SSID2 SSID3 or SSID...

Страница 591: ...nfigurations to take effect Telnet Command wl restart wl config isolate 1 1 1 T Te el ln ne et t C Co om mm ma an nd d w wl l s se et t This command allows users to configure basic wireless settings S Sy yn nt ta ax x wl set SSID CHAN En wl set txburst enable S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description SSID CHAN En SSID Enter a SSID for the router The maximum charact...

Страница 592: ... wl l a ac ct t This command allows users to activate wireless settings S Sy yn nt ta ax x wl act En S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description En It means to enable or disable the function of VPN isolation enable Enter 0 or 1 0 diable 1 enable E Ex xa am mp pl le e wl act on Set Wlan to Enable ...

Страница 593: ...priority levels for four access categories derived from 802 1d prioritization tabs S Sy yn nt ta ax x wl wmm ap QueIdx Aifsn Cwmin Cwmax Txop ACM wl wmm bss QueIdx Aifsn Cwmin Cwmax Txop ACM wl wmm ack Que0_Ack Que1_Ack Que2_Ack Que3_Ack wl wmm enable SSID0 SSID1 SSID2 SSID3 wl wmm apsd value wl wmm show S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description ap QueIdx Aifsn Cwm...

Страница 594: ... AP WMM Example wl wmm ack 0 0 0 0 enable SSID0 SSID1 SSID2 SSID3 It means to enable the WMM for each SSID 0 disable 1 enable Example wl wmm enable 1 1 1 1 Apsd value It means to enable disable the ASPD automatic power save delivery function 0 disable 1 enable Example wl wmm apsd 1 show It displays current status of WMM E Ex xa am mp pl le e wl wmm ap 0 3 4 6 0 0 QueIdx 0 APAifsn 3 APCwmin 4 APCwm...

Страница 595: ...Vigor2620 Series User s Guide 583 ...

Страница 596: ... and 1 for BW_40 gi value value Enter 0 or 1 0 for GI_800 and 1 for GI_4001 badecline value value Enter 0 or 1 0 for disabling and 1 for enabling autoba value value Enter 0 or 1 0 for disabling and 1 for enabling rdg value value Enter 0 or 1 0 for disabling and 1 for enabling msdu value value Enter 0 or 1 0 for disabling and 1 for enabling txpower value value Enter 1 6 level antenna value value En...

Страница 597: ...alue It means to specify connection mode for WDS value Enter d b or or d Disable b Bridge r Repeapter security value It means to configure security mode with encrypted keys for WDS value Available settings are disable No security wep WEP wpapsk key WPA PSK wpa2psk key WPA2 PSK key Moreover you have to add keys for wpapsk wpa2psk and wep and specify index number of schedule profiles to be followed ...

Страница 598: ...wl wds status Please enable WDS hello function first wl wds hello 1 Note Please restart router after you set the parameters wl wds status T Te el ln ne et t C Co om mm ma an nd d w wl l b bt tn nc ct tl l This command allows you to enable or disable wireless button control S Sy yn nt ta ax x wl btnctl value S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description value value Ente...

Страница 599: ...tlist num S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description show Display the station list num Display the number of wireless station E Ex xa am mp pl le e wl stalist show 2 4G Wireless Station List Index Status IP Address MAC Address Associated with Status Codes C Connected No encryption E Connected WEP P Connected WPA A Connected WPA2 B Blocked by Access Control N Connect...

Страница 600: ...rAP on LAN query It is used to query any VigorAP which has been registered to APM Central AP Management in Vigor2620 Information related to the registered AP will be send back to Vigor2620 for updating the web page of Central AP Management E Ex xa am mp pl le e apm clear Clear all clients done T Te el ln ne et t C Co om mm ma an nd d a ap pm m p pr ro of fi il le e This command allows to configure...

Страница 601: ...ex client index1 index2 index5 It is used to apply the selected APM profile onto specified VigorAP profile index Enter the index number of existed profile client index1 index5 Enter the index number of the selected APM profiel to the specified VigorAP E Ex xa am mp pl le e apm profile clone 1 2 forcarrie Done apm profile summary Name SSID Security ACL RateCtrl U D 0 Default DrayTek LAN A WPA WPA2 ...

Страница 602: ...load balance function 1 enable load balance 0 disable load balance 2 The second number means the station limit function 1 enable station limit 0 disable station limit 3 The third number means the traffic limit function 1 enable traffic limit 0 disable traffic limit 4 The forth number means the limit num of station Available range is 3 64 5 The fifth number means the upload limit function 1 enable ...

Страница 603: ...s sy ys sl lo og g This command is used to display the AP syslog data coming form VigorAP S Sy yn nt ta ax x apm apsyslog AP_Index S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description AP_Index Specify the index number which represents VigorAP E Ex xa am mp pl le e apm apsyslog 1 8d 02 46 09 syslog APM Send Rogue AP Detection data 8d 02 53 04 syslog APM Run AP Detection Discov...

Страница 604: ...0_01daa902080 Get Rogue AP Detection Data from AP Success T Te el ln ne et t C Co om mm ma an nd d a ap pm m s st ta an nu um m This command is used to display the total number of the wireless clients no matter what mode of wireless connection 2 4G WLAN or 5G WLAN used by wireless clients to access into Internet through VigorAP S Sy yn nt ta ax x apm stanum AP_Index S Sy yn nt ta ax x D De es sc c...

Страница 605: ...0 54 57 60 62 65 82 ARP Table 110 Auth Type 127 Authentication Mode 165 Auto detect 24 Auto Logout 10 Auto Update interval 125 Aux WAN IP 120 Ｂ Backup 110 Backup MX 127 Bandwidth Limit 300 304 Bind IP to MAC 108 Bind to WAN 210 Bridge 167 Bridge Mode 55 61 Bridge Subnet 55 Brute Force Protection 291 Ｃ Cache 258 Call Direction 199 Call Filter 225 Certificate Backup 223 Certificate Management 216 Ch...

Страница 606: ...9 DHCP Server IP Address 94 96 DHCP Table 367 DHCPv6 Stateful 100 DHCPv6 Server 101 Diagnostics 362 363 Dial out Triggering 363 Digital Signature 182 197 Display Name 45 46 47 DMZ Host 117 DNS Cache Table 369 DNS Server IP Address 54 60 67 95 97 DNS Server IPv6 Address 101 Domain Name 66 DoS Defense 226 241 244 DoS Flood Table 377 DrayTek Banner 239 DSL Mode 45 DSL Modem Code 45 DSL Status 376 Dyn...

Страница 607: ... Neighbour Table 366 IPv6 Object 338 IPv6 TSPC Status 376 Isolate 160 ISP Access Setup 49 56 62 68 ISP Name 82 Ｋ keep alive 199 Keep Alive Period 278 Keep WAN Connection 65 Keyword Group 347 Keyword Object 345 Ｌ LAN 90 LAN General Setup 92 LAN Routed Prefix 76 LAN to LAN 198 Lease Time 94 96 99 Load Balance 329 Load Balance for AP 317 Local Certificate 182 217 Local ID 198 Local IP Address 120 Log...

Страница 608: ...ing Retry 50 54 57 60 62 65 82 Port Redirection 113 Port Triggering 122 Port based Bridge 80 Port Based VLAN 105 PPP Authentication 51 57 64 69 82 PPP General Setup 189 PPP Setup 69 PPPoE 21 29 PPPoE Pass through 51 58 PPPoE PPPoA 23 PPTP 196 PPTP L2TP 32 Prefix Len 150 Prefix Length 75 Pre shared Key 167 Pre Shared Key PSK 162 Primary DNS Sever 101 Primary IP Address 95 97 Primary Secondary Ping ...

Страница 609: ...8 146 Setup Query Server 258 Shared Secret 131 SLAAC stateless 100 Smart Bandwidth Limit 305 SMS Mail Alert Service 135 SMS Provider 135 SMS Mail Service Object 350 SNMP 288 Source IP 115 121 Specify an IP address 59 Specify Remote Node 196 SPI 226 SSID 157 SSL Tunnel 196 SSL VPN 209 Start IP Address 94 96 99 Start IPv6 Address 101 Start Port 121 Static IP 34 Static Route 91 146 Static Route for I...

Страница 610: ...l 13 Virtual WAN 19 VLAN 105 VLAN Configuration 107 VLAN Tag 80 106 VLAN Tag insertion 24 28 45 VPI 53 VPN 176 VPN and Remote Access 177 VPN Client Wizard 178 VPN Server Wizard 184 Ｗ WAN 43 WAN Connection Detection 50 54 57 60 62 65 70 72 73 74 75 76 78 WAN Interface 115 120 WAN IP Alias 53 57 59 64 66 69 WAN IP Network Settings 53 59 66 69 WAN Setup 82 WAN Type 80 WDS 166 Web Console 16 Web Conte...

Отзывы:

Нет отзывов

Похожие инструкции для Vigor2620 Series

QSR-3920 Series

Бренд: QTech Страницы: 120

Avenue Express Control Panel

Бренд: Ensemble Designs Страницы: 19

Storagelibrary T24

Бренд: Tandberg Data Страницы: 28

Бренд: C-Data Страницы: 26

Бренд: Lancom Страницы: 70

Бренд: Patton electronics Страницы: 12

Бренд: NETGEAR Страницы: 2

Бренд: Patton electronics Страницы: 2

Бренд: Lanner Страницы: 78

Бренд: M86 Security Страницы: 309

Sinus 154 data II

Бренд: T-COM Страницы: 12

Бренд: Wave Wireless Networking Страницы: 167

Бренд: TRENDnet Страницы: 10

Бренд: PairGain Страницы: 48

Бренд: Paradyne Страницы: 46

Бренд: ICP DAS USA Страницы: 26

Barricade g SMC2804WBRP-G

Бренд: SMC Networks Страницы: 53

Бренд: Ericsson Страницы: 16

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды